VLC 2.2.6 has been released, fixing more security issues and bugs: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blob;f=NEWS;h=883218244ced2ad9748490e9b6111b8c3d28d230;hb=HEAD
(In reply to David Walser from comment #0) > VLC 2.2.6 has been released, fixing more security issues and bugs: > http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blob;f=NEWS; > h=883218244ced2ad9748490e9b6111b8c3d28d230;hb=HEAD Submitted to 5 core/updates_testing and 5 tainted/updates_testing . Please test vlc-2.2.6-1mga - assigning to QA.
Assignee: shlomif => qa-bugs
Thanks Shlomi! Advisory: ======================== The VLC packages have been updated to version 2.2.6, which includes various security improvements in demuxers, as well as other bug fixes. References: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blob;f=NEWS;h=883218244ced2ad9748490e9b6111b8c3d28d230;hb=HEAD ======================== Updated packages in {core,tainted}/updates_testing: ======================== vlc-2.2.6-1.mga5 libvlc5-2.2.6-1.mga5 libvlccore8-2.2.6-1.mga5 libvlc-devel-2.2.6-1.mga5 vlc-plugin-common-2.2.6-1.mga5 vlc-plugin-zvbi-2.2.6-1.mga5 vlc-plugin-kate-2.2.6-1.mga5 vlc-plugin-libass-2.2.6-1.mga5 vlc-plugin-lua-2.2.6-1.mga5 vlc-plugin-ncurses-2.2.6-1.mga5 vlc-plugin-lirc-2.2.6-1.mga5 svlc-2.2.6-1.mga5 vlc-plugin-aa-2.2.6-1.mga5 vlc-plugin-sdl-2.2.6-1.mga5 vlc-plugin-shout-2.2.6-1.mga5 vlc-plugin-opengl-2.2.6-1.mga5 vlc-plugin-vdpau-2.2.6-1.mga5 vlc-plugin-projectm-2.2.6-1.mga5 vlc-plugin-theora-2.2.6-1.mga5 vlc-plugin-twolame-2.2.6-1.mga5 vlc-plugin-fluidsynth-2.2.6-1.mga5 vlc-plugin-gme-2.2.6-1.mga5 vlc-plugin-schroedinger-2.2.6-1.mga5 vlc-plugin-speex-2.2.6-1.mga5 vlc-plugin-flac-2.2.6-1.mga5 vlc-plugin-dv-2.2.6-1.mga5 vlc-plugin-mod-2.2.6-1.mga5 vlc-plugin-mpc-2.2.6-1.mga5 vlc-plugin-sid-2.2.6-1.mga5 vlc-plugin-pulse-2.2.6-1.mga5 vlc-plugin-jack-2.2.6-1.mga5 vlc-plugin-bonjour-2.2.6-1.mga5 vlc-plugin-upnp-2.2.6-1.mga5 vlc-plugin-gnutls-2.2.6-1.mga5 vlc-plugin-libnotify-2.2.6-1.mga5 vlc-plugin-chromaprint-2.2.6-1.mga5 from vlc-2.2.6-1.mga5.src.rpm
i586 The following 3 packages are going to be installed: - vlc-2.2.6-1.mga5.i586 - vlc-plugin-lua-2.2.6-1.mga5.i586 - vlc-plugin-theora-2.2.6-1.mga5.i586 901KB of additional disk space will be used. 5.7MB of packages will be retrieved. Is it ok to continue? The following package is going to be installed: - vlc-plugin-common-2.2.6-1.mga5.i586 32B of additional disk space will be used. 3.4MB of packages will be retrieved. Is it ok to continue? Went to the tainted options When selecting vlc-plugin-common Sorry, the following package cannot be selected: - vlc-plugin-common-2.2.6-1.mga5.tainted.i586 (due to unsatisfied libfaad.so.2) The following 4 packages are going to be installed: - vlc-2.2.6-1.mga5.tainted.i586 - vlc-plugin-flac-2.2.6-1.mga5.tainted.i586 - vlc-plugin-lua-2.2.6-1.mga5.tainted.i586 - vlc-plugin-theora-2.2.6-1.mga5.tainted.i586 51KB of additional disk space will be used. 5.7MB of packages will be retrieved. Is it ok to continue? ==== it won't play aac audio codecs in videos.
CC: (none) => brtians1
x86_64 real hardware. Just checking Brian's point about AAC codecs in comment 2. lib64faad2 was already installed. Installed the packages from the tainted updates repository and checked vlc with a FrenchMaidTV video. Sound came through fine. Looked at the info->codec tab which listed Stream 0 as MPEG AAC Audio (mp4a). A chosen skin was used courtesy of svlc. No regressions noted on this short test.
CC: (none) => tarazed25
x86_64 real hardware Installed all the packages from Core Updates Testing. $ rpm -q vlc vlc-2.2.6-1.mga5 Checked video and sound. Looks OK for MP4, m2t, mp4 with a separate subtitles file (subtitles OK), MOV (confirmed that the AAC codec was being handled), mp3, ogg, flac, wav, flv. Skinned interface works fine. Good for 64-bits.
Whiteboard: (none) => Mexit
Whiteboard: Mexit => MGA5-64-OK
Thanks Len - will try that. libfaad - I'll look into that install.
In VirtualBox, M5, KDE, 32-bit Package(s) under test: vlc svlc libvlc5 libvlccore8 vlc-plugin-common vlc-plugin-pulse vlc-plugin-theora default install of vlc svlc libvlc5 libvlccore8 vlc-plugin-common vlc-plugin-pulse & vlc-plugin-theora [root@localhost wilcal]# uname -a Linux localhost.localdomain 4.4.68-desktop586-1.mga5 #1 SMP Sun May 14 17:55:26 UTC 2017 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi vlc Package vlc-2.2.5.1-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi svlc Package svlc-2.2.5.1-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi libvlc5 Package libvlc5-2.2.5.1-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi libvlccore8 Package libvlccore8-2.2.5.1-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi vlc-plugin-common Package vlc-plugin-common-2.2.5.1-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi vlc-plugin-pulse Package vlc-plugin-pulse-2.2.5.1-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi vlc-plugin-theora Package vlc-plugin-theora-2.2.5.1-1.mga5.tainted.i586 is already installed VLC plays files: mov mp4 avi flv wmv wav mp3 webm ogg ogv Install: vlc svlc libvlc5 libvlccore8 vlc-plugin-common vlc-plugin-pulse vlc-plugin-theora from updates-testing [root@localhost wilcal]# uname -a Linux localhost.localdomain 4.4.68-desktop586-1.mga5 #1 SMP Sun May 14 17:55:26 UTC 2017 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi vlc Package vlc-2.2.6-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi svlc Package svlc-2.2.6-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi libvlc5 Package libvlc5-2.2.6-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi libvlccore8 Package libvlccore8-2.2.6-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi vlc-plugin-common Package vlc-plugin-common-2.2.6-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi vlc-plugin-pulse Package vlc-plugin-pulse-2.2.6-1.mga5.tainted.i586 is already installed [root@localhost wilcal]# urpmi vlc-plugin-theora Package vlc-plugin-theora-2.2.6-1.mga5.tainted.i586 is already installed VLC plays files: mov mp4 avi flv wmv wav mp3 webm ogg ogv
CC: (none) => wilcal.int
This update works fine. Testing complete for MGA5, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Whiteboard: MGA5-64-OK => MGA5-32-OK MGA5-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => davidwhodginsWhiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0150.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
This update fixed CVE-2017-8310, CVE-2017-8311, CVE-2017-8312, CVE-2017-8313. Debian has issued an advisory for this on June 27: https://www.debian.org/security/2017/dsa-3899