Changelog
vlc (3.0.8-1) unstable; urgency=medium
* New upstream release.
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
* debian/: Remove crystalhd plugin. libcrystalhd-dev is scheduled for
removal.
* debian/patches: Remove patches included upstream.
* debian/control: Switch back to libmodplug-dev since vlc now requires
0.8.9.
-- Sebastian Ramacher <email address hidden> Mon, 19 Aug 2019 18:50:39 +0200