Description of problem: Security issues are listed under Win / Mac OS X, so I'm not sure about them, but heap corruption may cause problems too.
(Such reports are usually useless, packagers catch update notifications from http://check.mageia.org/).
(In reply to comment #0)
> Description of problem:
> Security issues are listed under Win / Mac OS X, so I'm not sure about them but
> heap corruption may cause problems too.

Nevertheless, thanks for the reminder.
CC: (none) => odahlum
Actually, as Sander pointed out on IRC, the report isn't just about a version bump, it's about a version fixing some sec issues.
(Although it doesn't look that severe, i.e. doesn't have to be an official update... just backports).
CVE-2011-2194 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2194
CC: (none) => boklm
Two security bugs have also been fixed in VLC 1.1.11:

Security:
 * Fix buffer overflows in the RealMedia demuxer (CVE-2011-2587) and the AVI one (CVE-2011-2588).

I see that VLC 1.1.11 has been uploaded to Cauldron. It should also be offered as a security update to Mageia 1.
CC: (none) => LpSolit, fundawang
Summary: New version of VLC (1.1.10) fixes some security issues + heap corruption / integer overflow in XSPF playlist parser => New version of VLC (1.1.11) fixes some security issues + heap corruption / integer overflow in XSPF playlist parser
I've uploaded vlc-1.1.11-0.1.mga1 into core/updates_testing and tainted/updates_testing.

Advisory text:

Several vulnerabilities were discovered and corrected in vlc:

VLC media player suffers from an integer overflow vulnerability in the XSPF playlist file parser. (CVE-2011-2194)

VLC media player suffers from a heap overflow vulnerability in the Real Media file parser and AVI file parser. (CVE-2011-2587, CVE-2011-2588).

The updated packages have been upgraded to the 1.1.11 version which is not vulnerable to these issues.
Assignee: bugsquad => qa-bugs
Created attachment 659
List of 36 packages in vlc update

There are 36 packages in core updates testing involved in this update as well as 36 in tainted updates testing. See attachment for list.

The two srpm packages are
vlc-1.1.11-0.1.mga1.src.rpm
vlc-1.1.11-0.1.mga1.tainted.src.rpm

I installed the 36 packages from Core Updates testing, confirmed I could play audio and video files, and play a test video http://goa103.free.fr/t_63455/media_player.php in firefox, to test the mozilla plugin.

I then used urpmi --auto-select to update the packages with the versions from tainted updates testing, and repeated the tests.

Testing complete on i586.
Tested on x86_64: OK, also watching streaming TV.
CC: (none) => lists.jjorge
That's interesting, so we have to do 2 update advisories?
CC: (none) => misc
Ok, I did only one for now, was easier.
Fixed
Status: NEW => RESOLVED
Resolution: (none) => FIXED
There is a severe regression with VLC 1.1.11: the audio and video are no longer in sync when playing a FLV or MP4 video. This problem disappears when reinstalling vlc-1.1.9-4.mga1.tainted. Is one of the Mageia patches responsible for this regression, or is this problem also visible upstream?
I reported this bug upstream: https://trac.videolan.org/vlc/ticket/5124
This bug report being already closed, please open a new bug report depending on this one.
CC: (none) => stormi
Blocks: (none) => 2267
CC: boklm => (none)