Urgh, I attached a completely unrelated file from another directory... apologies, here's the ACTUAL file applicable to 2.2.2-5ubuntu0.16.04.2.

** Patch added: "1-2.2.2-5ubuntu0.16.04.3.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4911982/+files/1-2.2.2-5ubuntu0.16.04.3.debdiff

** Patch removed: "2.2.12-10ubuntu1.patch"
   https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4911981/+files/2.2.12-10ubuntu1.patch

** Description changed:

- VLC 2.2.5.1 fixes buffer overflow and out of bound read bugs related to subtitle decoding. A company called "Check Point" appears to have reported them, but they did not release any details. [1]
- At least the following 5 commits relate to these bugs: [2]
+ This bug is meant to track the following public VLC CVEs and their
+ status in Ubuntu. Here are the affected Ubuntu releases and the CVEs
+ that affect that specific release:
- Presumably all currently supported Ubuntu releases are affected by at
- least one bug fixed by the patches.
-
- By the way, there seem to be other security related commits in VLC that
- might need backporting, e.g. [3] [4]
-
- [1]: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
- [2]: https://github.com/videolan/vlc/search?q=checkpoint&type=Commits&utf8=%E2%9C%93
- [3]: https://github.com/videolan/vlc/search?o=desc&p=1&q=overflow&s=committer-date&type=Commits&utf8=%E2%9C%93
- [4]: https://github.com/videolan/vlc/search?o=desc&q=out+of+bound&s=committer-date&type=Commits&utf8=%E2%9C%93
+ - Xenial:
+ - 2016-5108
+ - 2017-10699
+ - 2017-8310
+ - 2017-8311
+ - 2017-8312
+ - 2017-8313

** Summary changed:

- Possible remote code execution related to subtitles
+ Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1693893

Title:
  Fix out-of-bounds read, potential heap buffer overflow, and other CVEs