VLC 3.0.13 and 3.0.14 have been released on May 10 and May 12: https://www.videolan.org/vlc/releases/3.0.13.html https://code.videolan.org/videolan/vlc-3.0/-/raw/master/NEWS https://git.videolan.org/?p=vlc/vlc-3.0.git;a=blob;f=NEWS;h=e5dd1855e797179ec3a0bee2cae4ac68705a70cc;hb=41878ff4f2a4b566cf0a1bd15f72037b2be98a18 There are security fixes in 3.0.13.
Whiteboard: (none) => MGA8TOO, MGA7TOO
The main VLC page proclaims 3.0.13, but the download bit says "Version 3.0.14 • Linux". We already have version 3.0.13 in Cauldron thanks to Stig, so assigning this bug to you.
Assignee: bugsquad => smelror
Pushed 3.0.14 to Cauldron.
Depends on: (none) => 28278
Updated packages uploaded to core *and tainted* updates_testing. SRPMS: vlc-3.0.14-1.mga7.src.rpm vlc-3.0.14-1.mga8.src.rpm RPMS: vlc-3.0.14-1.mga7 libvlc5-3.0.14-1.mga7 libvlccore9-3.0.14-1.mga7 libvlc-devel-3.0.14-1.mga7 vlc-plugin-common-3.0.14-1.mga7 vlc-plugin-zvbi-3.0.14-1.mga7 vlc-plugin-kate-3.0.14-1.mga7 vlc-plugin-libass-3.0.14-1.mga7 vlc-plugin-lua-3.0.14-1.mga7 vlc-plugin-ncurses-3.0.14-1.mga7 vlc-plugin-lirc-3.0.14-1.mga7 svlc-3.0.14-1.mga7 vlc-plugin-aa-3.0.14-1.mga7 vlc-plugin-sdl-3.0.14-1.mga7 vlc-plugin-shout-3.0.14-1.mga7 vlc-plugin-opengl-3.0.14-1.mga7 vlc-plugin-vdpau-3.0.14-1.mga7 vlc-plugin-projectm-3.0.14-1.mga7 vlc-plugin-theora-3.0.14-1.mga7 vlc-plugin-twolame-3.0.14-1.mga7 vlc-plugin-fluidsynth-3.0.14-1.mga7 vlc-plugin-gme-3.0.14-1.mga7 vlc-plugin-schroedinger-3.0.14-1.mga7 vlc-plugin-speex-3.0.14-1.mga7 vlc-plugin-flac-3.0.14-1.mga7 vlc-plugin-dv-3.0.14-1.mga7 vlc-plugin-mod-3.0.14-1.mga7 vlc-plugin-mpc-3.0.14-1.mga7 vlc-plugin-sid-3.0.14-1.mga7 vlc-plugin-sndio-3.0.14-1.mga7 vlc-plugin-pulse-3.0.14-1.mga7 vlc-plugin-jack-3.0.14-1.mga7 vlc-plugin-rist-3.0.14-1.mga7 vlc-plugin-upnp-3.0.14-1.mga7 vlc-plugin-gnutls-3.0.14-1.mga7 vlc-plugin-libnotify-3.0.14-1.mga7 vlc-plugin-chromaprint-3.0.14-1.mga7 vlc-plugin-samba-3.0.14-1.mga7 vlc-3.0.14-1.mga8 vlc-plugin-common-3.0.14-1.mga8 svlc-3.0.14-1.mga8 libvlccore9-3.0.14-1.mga8 libvlc-devel-3.0.14-1.mga8 vlc-plugin-lua-3.0.14-1.mga8 libvlc5-3.0.14-1.mga8 vlc-plugin-vdpau-3.0.14-1.mga8 vlc-plugin-opengl-3.0.14-1.mga8 vlc-plugin-flac-3.0.14-1.mga8 vlc-plugin-rist-3.0.14-1.mga8 vlc-plugin-ncurses-3.0.14-1.mga8 vlc-plugin-upnp-3.0.14-1.mga8 vlc-plugin-schroedinger-3.0.14-1.mga8 vlc-plugin-kate-3.0.14-1.mga8 vlc-plugin-jack-3.0.14-1.mga8 vlc-plugin-pulse-3.0.14-1.mga8 vlc-plugin-speex-3.0.14-1.mga8 vlc-plugin-theora-3.0.14-1.mga8 vlc-plugin-zvbi-3.0.14-1.mga8 vlc-plugin-gnutls-3.0.14-1.mga8 vlc-plugin-libass-3.0.14-1.mga8 vlc-plugin-shout-3.0.14-1.mga8 vlc-plugin-dv-3.0.14-1.mga8 vlc-plugin-mod-3.0.14-1.mga8 vlc-plugin-twolame-3.0.14-1.mga8 vlc-plugin-gme-3.0.14-1.mga8 vlc-plugin-fluidsynth-3.0.14-1.mga8 vlc-plugin-projectm-3.0.14-1.mga8 vlc-plugin-samba-3.0.14-1.mga8 vlc-plugin-sdl-3.0.14-1.mga8 vlc-plugin-lirc-3.0.14-1.mga8 vlc-plugin-aa-3.0.14-1.mga8 vlc-plugin-sndio-3.0.14-1.mga8 vlc-plugin-libnotify-3.0.14-1.mga8 vlc-plugin-mpc-3.0.14-1.mga8 vlc-plugin-chromaprint-3.0.14-1.mga8 vlc-plugin-sid-3.0.14-1.mga8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOVersion: Cauldron => 8Assignee: smelror => qa-bugs
MGA8 - 64 bit The following 33 packages are going to be installed: - fonts-ttf-bitstream-vera-1.10-18.mga8.noarch - lib64aribb25_0-0.2.7-1.mga8.x86_64 - lib64cddb2-1.3.2-21.mga8.x86_64 - lib64crystalhd3-0-0.20110315.13.mga8.x86_64 - lib64dbus-devel-1.13.18-3.mga8.x86_64 - lib64dvbpsi10-1.3.3-2.mga8.x86_64 - lib64ebml5-1.4.1-1.mga8.x86_64 - lib64matroska7-1.6.2-1.mga8.x86_64 - lib64pcsclite1-1.9.0-1.mga8.x86_64 - lib64protobuf-lite25-3.14.0-1.mga8.x86_64 - lib64vlc-devel-3.0.14-1.mga8.x86_64 - lib64vlc5-3.0.14-1.mga8.x86_64 - lib64vlccore9-3.0.14-1.mga8.x86_64 - lib64xcb-composite0-1.14-1.mga8.x86_64 - lib64xcb-xv0-1.14-1.mga8.x86_64 - libcrystalhd-common-0-0.20110315.13.mga8.x86_64 - svlc-3.0.14-1.mga8.x86_64 - systemd-devel-246.13-2.mga8.x86_64 - vlc-3.0.14-1.mga8.x86_64 - vlc-plugin-aa-3.0.14-1.mga8.x86_64 - vlc-plugin-chromaprint-3.0.14-1.mga8.x86_64 - vlc-plugin-common-3.0.14-1.mga8.x86_64 - vlc-plugin-dv-3.0.14-1.mga8.x86_64 - vlc-plugin-flac-3.0.14-1.mga8.x86_64 - vlc-plugin-fluidsynth-3.0.14-1.mga8.x86_64 - vlc-plugin-gme-3.0.14-1.mga8.x86_64 - vlc-plugin-gnutls-3.0.14-1.mga8.x86_64 - vlc-plugin-lua-3.0.14-1.mga8.x86_64 - vlc-plugin-opengl-3.0.14-1.mga8.x86_64 - vlc-plugin-pulse-3.0.14-1.mga8.x86_64 - vlc-plugin-samba-3.0.14-1.mga8.x86_64 - vlc-plugin-theora-3.0.14-1.mga8.x86_64 - vlc-plugin-vdpau-3.0.14-1.mga8.x86_64 62MB of additional disk space will be used. Played flac and Mp4 video working so far.
CC: (none) => brtians1
Installed and tested tainted version without issues. Tested: - Various file formats and codecs; - Video, audio and image; - Tested local files, http(s), rtsp (IP camera); - Tested UPNP/DLNA from media server mediadlnad; - Tested application/screen capture; - Tested video decoding VDPAU hardware acceleration. All worked. System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia-current proprietary driver. $ uname -a Linux marte 5.10.41-desktop-1.mga7 #1 SMP Fri May 28 14:28:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep -i vlc | sort lib64vlc5-3.0.14-1.mga7.tainted lib64vlccore9-3.0.14-1.mga7.tainted phonon4qt5-vlc-0.10.2-2.mga7 vlc-3.0.14-1.mga7.tainted vlc-plugin-common-3.0.14-1.mga7.tainted vlc-plugin-flac-3.0.14-1.mga7.tainted vlc-plugin-gnutls-3.0.14-1.mga7.tainted vlc-plugin-libass-3.0.14-1.mga7.tainted vlc-plugin-lua-3.0.14-1.mga7.tainted vlc-plugin-projectm-3.0.14-1.mga7.tainted vlc-plugin-pulse-3.0.14-1.mga7.tainted vlc-plugin-samba-3.0.14-1.mga7.tainted vlc-plugin-speex-3.0.14-1.mga7.tainted vlc-plugin-theora-3.0.14-1.mga7.tainted vlc-plugin-upnp-3.0.14-1.mga7.tainted vlc-plugin-vdpau-3.0.14-1.mga7.tainted
CC: (none) => mageia
Comment 5 tested the mga7 tainted version. Testing the mga7 core version, and the packages of Bug 28278: The following 11 packages are going to be installed: - lib64ebml5-1.4.2-1.mga7.x86_64 - lib64matroska6-1.5.0-2.1.mga7.x86_64 - lib64vlc5-3.0.14-1.mga7.x86_64 - lib64vlccore9-3.0.14-1.mga7.x86_64 - vlc-3.0.14-1.mga7.x86_64 - vlc-plugin-common-3.0.14-1.mga7.x86_64 - vlc-plugin-flac-3.0.14-1.mga7.x86_64 - vlc-plugin-pulse-3.0.14-1.mga7.x86_64 - vlc-plugin-speex-3.0.14-1.mga7.x86_64 - vlc-plugin-theora-3.0.14-1.mga7.x86_64 - vlc-plugin-vdpau-3.0.14-1.mga7.x86_64 No installation issues. Played .mp4, .avi, .mkv files, no issues noted. Giving this a mga7 OK.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OKCC: (none) => andrewsfarm
Comment 4 tested the mga8 core version. Testing the mga8 tainted version: The following 12 packages are going to be installed: - lib64vlc5-3.0.14-1.mga8.tainted.x86_64 - lib64vlccore9-3.0.14-1.mga8.tainted.x86_64 - vlc-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-common-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-flac-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-lua-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-opengl-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-pulse-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-samba-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-speex-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-theora-3.0.14-1.mga8.tainted.x86_64 - vlc-plugin-vdpau-3.0.14-1.mga8.tainted.x86_64 No installation issues. Played another selection of videos, including some of Field of Dreams (If you build it, He will come.) No issues noted. Giving this a mga8 OK, and validating.
Keywords: (none) => validated_updateWhiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA9-64-OKCC: (none) => sysadmin-bugs
oops. typo.
Whiteboard: MGA7TOO MGA7-64-OK MGA9-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Advisory: ======================== Updated vlc packages fix security vulnerabilities: A remote user could create a specifically crafted file that could trigger some various issues. It is possible to trigger a remote code execution through a specifically crafted playlist, and tricking the user into interacting with that playlist elements. It is also possible to trigger read or write buffer overflows with some crafted files or by a MITM attack on the automatic updater If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user. We updated VLC to latest version available. References: - https://bugs.mageia.org/show_bug.cgi?id=28930 - https://www.videolan.org/security/sb-vlc3013.html - https://www.videolan.org/vlc/releases/3.0.13.html - https://code.videolan.org/videolan/vlc-3.0/-/raw/master/NEWS - https://git.videolan.org/?p=vlc/vlc-3.0.git;a=blob;f=NEWS;h=e5dd1855e797179ec3a0bee2cae4ac68705a70cc;hb=41878ff4f2a4b566cf0a1bd15f72037b2be98a18 ======================== Updated packages in 8/core/updates_testing: ======================== lib(64)vlc-devel-3.0.14-1.mga8 lib(64)vlc5-3.0.14-1.mga8 lib(64)vlccore9-3.0.14-1.mga8 svlc-3.0.14-1.mga8 vlc-3.0.14-1.mga8 vlc-plugin-aa-3.0.14-1.mga8 vlc-plugin-chromaprint-3.0.14-1.mga8 vlc-plugin-common-3.0.14-1.mga8 vlc-plugin-dv-3.0.14-1.mga8 vlc-plugin-flac-3.0.14-1.mga8 vlc-plugin-fluidsynth-3.0.14-1.mga8 vlc-plugin-gme-3.0.14-1.mga8 vlc-plugin-gnutls-3.0.14-1.mga8 vlc-plugin-jack-3.0.14-1.mga8 vlc-plugin-kate-3.0.14-1.mga8 vlc-plugin-libass-3.0.14-1.mga8 vlc-plugin-libnotify-3.0.14-1.mga8 vlc-plugin-lirc-3.0.14-1.mga8 vlc-plugin-lua-3.0.14-1.mga8 vlc-plugin-mod-3.0.14-1.mga8 vlc-plugin-mpc-3.0.14-1.mga8 vlc-plugin-ncurses-3.0.14-1.mga8 vlc-plugin-opengl-3.0.14-1.mga8 vlc-plugin-projectm-3.0.14-1.mga8 vlc-plugin-pulse-3.0.14-1.mga8 vlc-plugin-rist-3.0.14-1.mga8 vlc-plugin-samba-3.0.14-1.mga8 vlc-plugin-schroedinger-3.0.14-1.mga8 vlc-plugin-sdl-3.0.14-1.mga8 vlc-plugin-shout-3.0.14-1.mga8 vlc-plugin-sid-3.0.14-1.mga8 vlc-plugin-sndio-3.0.14-1.mga8 vlc-plugin-speex-3.0.14-1.mga8 vlc-plugin-theora-3.0.14-1.mga8 vlc-plugin-twolame-3.0.14-1.mga8 vlc-plugin-upnp-3.0.14-1.mga8 vlc-plugin-vdpau-3.0.14-1.mga8 vlc-plugin-zvbi-3.0.14-1.mga8 and Updated packages in 8/tainted/updates_testing: ======================== lib(64)vlc-devel-3.0.14-1.mga8.tainted lib(64)vlc5-3.0.14-1.mga8.tainted lib(64)vlccore9-3.0.14-1.mga8.tainted svlc-3.0.14-1.mga8.tainted vlc-3.0.14-1.mga8.tainted vlc-plugin-aa-3.0.14-1.mga8.tainted vlc-plugin-chromaprint-3.0.14-1.mga8.tainted vlc-plugin-common-3.0.14-1.mga8.tainted vlc-plugin-dv-3.0.14-1.mga8.tainted vlc-plugin-fdkaac-3.0.14-1.mga8.tainted vlc-plugin-flac-3.0.14-1.mga8.tainted vlc-plugin-fluidsynth-3.0.14-1.mga8.tainted vlc-plugin-gme-3.0.14-1.mga8.tainted vlc-plugin-gnutls-3.0.14-1.mga8.tainted vlc-plugin-jack-3.0.14-1.mga8.tainted vlc-plugin-kate-3.0.14-1.mga8.tainted vlc-plugin-libass-3.0.14-1.mga8.tainted vlc-plugin-libnotify-3.0.14-1.mga8.tainted vlc-plugin-lirc-3.0.14-1.mga8.tainted vlc-plugin-lua-3.0.14-1.mga8.tainted vlc-plugin-mod-3.0.14-1.mga8.tainted vlc-plugin-mpc-3.0.14-1.mga8.tainted vlc-plugin-ncurses-3.0.14-1.mga8.tainted vlc-plugin-opengl-3.0.14-1.mga8.tainted vlc-plugin-projectm-3.0.14-1.mga8.tainted vlc-plugin-pulse-3.0.14-1.mga8.tainted vlc-plugin-rist-3.0.14-1.mga8.tainted vlc-plugin-samba-3.0.14-1.mga8.tainted vlc-plugin-schroedinger-3.0.14-1.mga8.tainted vlc-plugin-sdl-3.0.14-1.mga8.tainted vlc-plugin-shout-3.0.14-1.mga8.tainted vlc-plugin-sid-3.0.14-1.mga8.tainted vlc-plugin-sndio-3.0.14-1.mga8.tainted vlc-plugin-speex-3.0.14-1.mga8.tainted vlc-plugin-theora-3.0.14-1.mga8.tainted vlc-plugin-twolame-3.0.14-1.mga8.tainted vlc-plugin-upnp-3.0.14-1.mga8.tainted vlc-plugin-vdpau-3.0.14-1.mga8.tainted vlc-plugin-zvbi-3.0.14-1.mga8.tainted from SRPM: vlc-3.0.14-1.mga8 ======================== Updated packages in 7/core/updates_testing: ======================== lib(64)vlc-devel-3.0.14-1.mga7 lib(64)vlc5-3.0.14-1.mga7 lib(64)vlccore9-3.0.14-1.mga7 svlc-3.0.14-1.mga7 vlc-3.0.14-1.mga7 vlc-plugin-aa-3.0.14-1.mga7 vlc-plugin-chromaprint-3.0.14-1.mga7 vlc-plugin-common-3.0.14-1.mga7 vlc-plugin-dv-3.0.14-1.mga7 vlc-plugin-flac-3.0.14-1.mga7 vlc-plugin-fluidsynth-3.0.14-1.mga7 vlc-plugin-gme-3.0.14-1.mga7 vlc-plugin-gnutls-3.0.14-1.mga7 vlc-plugin-jack-3.0.14-1.mga7 vlc-plugin-kate-3.0.14-1.mga7 vlc-plugin-libass-3.0.14-1.mga7 vlc-plugin-libnotify-3.0.14-1.mga7 vlc-plugin-lirc-3.0.14-1.mga7 vlc-plugin-lua-3.0.14-1.mga7 vlc-plugin-mod-3.0.14-1.mga7 vlc-plugin-mpc-3.0.14-1.mga7 vlc-plugin-ncurses-3.0.14-1.mga7 vlc-plugin-opengl-3.0.14-1.mga7 vlc-plugin-projectm-3.0.14-1.mga7 vlc-plugin-pulse-3.0.14-1.mga7 vlc-plugin-rist-3.0.14-1.mga7 vlc-plugin-samba-3.0.14-1.mga7 vlc-plugin-schroedinger-3.0.14-1.mga7 vlc-plugin-sdl-3.0.14-1.mga7 vlc-plugin-shout-3.0.14-1.mga7 vlc-plugin-sid-3.0.14-1.mga7 vlc-plugin-sndio-3.0.14-1.mga7 vlc-plugin-speex-3.0.14-1.mga7 vlc-plugin-theora-3.0.14-1.mga7 vlc-plugin-twolame-3.0.14-1.mga7 vlc-plugin-upnp-3.0.14-1.mga7 vlc-plugin-vdpau-3.0.14-1.mga7 vlc-plugin-zvbi-3.0.14-1.mga7 and Updated packages in 7/tainted/updates_testing: ======================== lib(64)vlc-devel-3.0.14-1.mga7.tainted lib(64)vlc5-3.0.14-1.mga7.tainted lib(64)vlccore9-3.0.14-1.mga7.tainted svlc-3.0.14-1.mga7.tainted vlc-3.0.14-1.mga7.tainted vlc-plugin-aa-3.0.14-1.mga7.tainted vlc-plugin-chromaprint-3.0.14-1.mga7.tainted vlc-plugin-common-3.0.14-1.mga7.tainted vlc-plugin-dv-3.0.14-1.mga7.tainted vlc-plugin-fdkaac-3.0.14-1.mga7.tainted vlc-plugin-flac-3.0.14-1.mga7.tainted vlc-plugin-fluidsynth-3.0.14-1.mga7.tainted vlc-plugin-gme-3.0.14-1.mga7.tainted vlc-plugin-gnutls-3.0.14-1.mga7.tainted vlc-plugin-jack-3.0.14-1.mga7.tainted vlc-plugin-kate-3.0.14-1.mga7.tainted vlc-plugin-libass-3.0.14-1.mga7.tainted vlc-plugin-libnotify-3.0.14-1.mga7.tainted vlc-plugin-lirc-3.0.14-1.mga7.tainted vlc-plugin-lua-3.0.14-1.mga7.tainted vlc-plugin-mod-3.0.14-1.mga7.tainted vlc-plugin-mpc-3.0.14-1.mga7.tainted vlc-plugin-ncurses-3.0.14-1.mga7.tainted vlc-plugin-opengl-3.0.14-1.mga7.tainted vlc-plugin-projectm-3.0.14-1.mga7.tainted vlc-plugin-pulse-3.0.14-1.mga7.tainted vlc-plugin-rist-3.0.14-1.mga7.tainted vlc-plugin-samba-3.0.14-1.mga7.tainted vlc-plugin-schroedinger-3.0.14-1.mga7.tainted vlc-plugin-sdl-3.0.14-1.mga7.tainted vlc-plugin-shout-3.0.14-1.mga7.tainted vlc-plugin-sid-3.0.14-1.mga7.tainted vlc-plugin-sndio-3.0.14-1.mga7.tainted vlc-plugin-speex-3.0.14-1.mga7.tainted vlc-plugin-theora-3.0.14-1.mga7.tainted vlc-plugin-twolame-3.0.14-1.mga7.tainted vlc-plugin-upnp-3.0.14-1.mga7.tainted vlc-plugin-vdpau-3.0.14-1.mga7.tainted vlc-plugin-zvbi-3.0.14-1.mga7.tainted from SRPM: vlc-3.0.14-1.mga7
CC: (none) => ouaurelien
In last comment, forgot to add: SRPMs: - vlc-3.0.14-1.mga7.tainted - vlc-3.0.14-1.mga8.tainted
I noticed the tainted published here. The following 11 packages are going to be installed: - lib64dvdcss2-1.4.2-2.mga7.tainted.x86_64 - lib64ebml5-1.4.2-1.mga7.x86_64 - lib64vlc5-3.0.14-1.mga7.tainted.x86_64 - lib64vlccore9-3.0.14-1.mga7.tainted.x86_64 - vlc-3.0.14-1.mga7.tainted.x86_64 - vlc-plugin-common-3.0.14-1.mga7.tainted.x86_64 - vlc-plugin-flac-3.0.14-1.mga7.tainted.x86_64 - vlc-plugin-pulse-3.0.14-1.mga7.tainted.x86_64 - vlc-plugin-speex-3.0.14-1.mga7.tainted.x86_64 - vlc-plugin-theora-3.0.14-1.mga7.tainted.x86_64 - vlc-plugin-vdpau-3.0.14-1.mga7.tainted.x86_64 895KB of additional disk space will be used. DVD plays, other videos as well.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0227.html
Status: NEW => RESOLVEDResolution: (none) => FIXED