VLC 2.2.3 has been released on May 2. The NEWS file is here: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blob;f=NEWS;h=c8bc5dd77b4fb1f6094f9ec447def98055800ede;hb=HEAD The stack overflow, infinite loop, and crash fixes may be security relevant.
Whiteboard: (none) => MGA5TOO
Version: Cauldron => 5Whiteboard: MGA5TOO => (none)
(In reply to David Walser from comment #0) > VLC 2.2.3 has been released on May 2. The NEWS file is here: > http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blob;f=NEWS; > h=c8bc5dd77b4fb1f6094f9ec447def98055800ede;hb=HEAD > > The stack overflow, infinite loop, and crash fixes may be security relevant. Hi! The new packages for Mageia 5 were built and submitted to core/updates_testing and tainted/updates_testing: http://pkgsubmit.mageia.org/ Now we need to write an advisory and pass it through QA.
Thanks Shlomi! Advisory: ======================== Updated vlc packages fix security vulnerabilities: The vlc package has been updated to version 2.2.2, which fixes several bugs and possible security issues. See the NEWS file for details. References: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blob;f=NEWS;h=c8bc5dd77b4fb1f6094f9ec447def98055800ede;hb=HEAD ======================== Updated packages in {core,tainted}/updates_testing: ======================== vlc-2.2.3-1.mga5 libvlc5-2.2.3-1.mga5 libvlccore8-2.2.3-1.mga5 libvlc-devel-2.2.3-1.mga5 vlc-plugin-common-2.2.3-1.mga5 vlc-plugin-zvbi-2.2.3-1.mga5 vlc-plugin-kate-2.2.3-1.mga5 vlc-plugin-libass-2.2.3-1.mga5 vlc-plugin-lua-2.2.3-1.mga5 vlc-plugin-ncurses-2.2.3-1.mga5 vlc-plugin-lirc-2.2.3-1.mga5 svlc-2.2.3-1.mga5 vlc-plugin-aa-2.2.3-1.mga5 vlc-plugin-sdl-2.2.3-1.mga5 vlc-plugin-shout-2.2.3-1.mga5 vlc-plugin-opengl-2.2.3-1.mga5 vlc-plugin-vdpau-2.2.3-1.mga5 vlc-plugin-projectm-2.2.3-1.mga5 vlc-plugin-theora-2.2.3-1.mga5 vlc-plugin-twolame-2.2.3-1.mga5 vlc-plugin-fluidsynth-2.2.3-1.mga5 vlc-plugin-gme-2.2.3-1.mga5 vlc-plugin-schroedinger-2.2.3-1.mga5 vlc-plugin-speex-2.2.3-1.mga5 vlc-plugin-flac-2.2.3-1.mga5 vlc-plugin-dv-2.2.3-1.mga5 vlc-plugin-mod-2.2.3-1.mga5 vlc-plugin-mpc-2.2.3-1.mga5 vlc-plugin-sid-2.2.3-1.mga5 vlc-plugin-pulse-2.2.3-1.mga5 vlc-plugin-jack-2.2.3-1.mga5 vlc-plugin-bonjour-2.2.3-1.mga5 vlc-plugin-upnp-2.2.3-1.mga5 vlc-plugin-gnutls-2.2.3-1.mga5 vlc-plugin-libnotify-2.2.3-1.mga5 vlc-plugin-chromaprint-2.2.3-1.mga5 from vlc-2.2.3-1.mga5.src.rpm
CC: (none) => shlomifAssignee: shlomif => qa-bugs
Testing on x86_64. Installed all the udates from Core Updates Testing first of all. pulseaudio for sound Played vlc recorded video (.ts == mp4 container I think) with subtitles. Played downloaded BBC MP4 documentary with subtitles. And: Music tracks - mp3, flac, ogg, wav, xm Youtube flv, mkv and wmv videos Live TV, such as BBC HD with subtitles, via a channels.xspf playlist Commercial DVD, enabled subtitles OK. No way to check lirc, and the other plugins do not ring any bells.
CC: (none) => tarazed25
Enabled Tainted Updates Testing and installed everything. Tested the tainted version on a homespun m3u playlist linked to MP3 files. Also tried 'vlc .' in my Youtube directory and that also worked. Ran all the earlier tests without any problem. Tried out all the interface buttons. All OK. Selected various skins from the skins2 directory. Played music CD. Checked keyboard interaction. Z preassigned to control zoom, half and double. Added a key to toggle subtitles - OSD showed whether they were available or not. Finished testing for 64-bits.
Whiteboard: (none) => MGA5-64-OK
Validating.
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => has_procedure MGA5-64-OKCC: (none) => sysadmin-bugs
Thanks for that Claire. I was about to report on my difficulties in i586 virtualbox. Adding the report anyway. Installed the packages from updates testing in i586 vbox. I have problems with hardware in my i586 virtualbox so full testing is difficult. Sound capabilities are nil currently because everything is bluetooth. Need to try an audio cable connection. MP4 videos play and the interface buttons work fine. Keyboard zoom function works. Subtitles can be enabled from the menu. Borrowed the USB TV tuner from the host and can view TV channels. SDTV is perfect but HD suffers from a bandwidth problem - blocky at times and stutters a lot. Was not able to read from /dev/sr0 so DVDs and CDs cannot be tested. In summary, this is better tested on real hardware or in a vbox which is properly set up. I shall not bother with tainted.
Thanks Len
Happy to push it Len?
Sorry. I missed that. Yes I am sure it is OK.
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0168.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/686756/