vlc

vlc 1.1.4

VLC media player

http://www.videolan.org/vlc

Packager: Serdar Dalgıç

License: GPLv2

Actions

Build files

Bug reports

Binary packages

vlc
vlc-firefox

Release history

ReleaseRelease dateVersionUpdaterComment
532011-07-201.1.4Serdar DalgıçAdd fixes for heap buffer overflows in real and avi demuxers, CVE-2011-2587 and CVE-2011-2588.
522011-06-131.1.4Serdar DalgıçFix realloc() buffer overflow in xspf demuxer, CVE-2011-2194, pb #18346.
512011-04-121.1.4Serdar DalgıçFix heap corruption in MP4 demultiplexer VideoLAN-SA-1103, pb #17747.
502011-02-091.1.4Serdar DalgıçCVE-2011-0531.patch: Insufficient input validation in MKV demuxer (CVE-2011-0531), pardus bug 16806.
492011-02-071.1.4Serdar DalgıçCVE-2011-0021.patch: Fix heap overflows in CDG decoder (CVE-2011-0021). pardus 16768.
482011-01-311.1.4Serdar DalgıçCVE-2011-0522.patch: Fix subtitle StripTags heap corruption (CVE-2011-0522). pardus 16513.
472011-01-051.1.4Serdar DalgıçCVE-2010-3907.patch: VLC Media Player Real Demuxer File Handling Array Indexing Vulnerability, pardus 16009.
462010-12-201.1.4Serdar Dalgıç* Write strict dependency for libprojectM, (pardus #15681)
* when the hell did I remove libmtp dependency?
452010-11-301.1.4Onur KüçükDepend on latest x264
442010-11-031.1.4Onur KüçükWrite strict dependency to new version of x264
432010-10-111.1.4Serdar DalgıçReleaseFrom is usefull than Release while writing dependencies.
422010-09-281.1.4Serdar DalgıçWrite strict dependencies and remove some unused deps.
412010-09-141.1.4Serdar DalgıçTag new release as a security update, see CVE-2010-2937 for details. Fixes #13974.
402010-09-101.1.4Serdar DalgıçVersion bump with many security fixes.
392010-09-011.1.2Serdar DalgıçVersion bump, add missing deps, reorganize patches, reorganize configure parameters.
382010-08-271.0.6Onur KüçükRemove essential dependency
372010-05-271.0.6Onur KüçükWrite strict dependency to new version of x264,libva
362010-05-131.0.6Onur KüçükWrite strict dependency to new version of kdepimlibs,qt,kdebase,kdebase-runtime,kdebase-workspace,kdelibs,kdelibs-devel,kdepimlibs-devel
352010-04-271.0.6Serdar Dalgıç- Add missing dependencies: fontconfig, gtk2, libebml, libmtp, libXext, libXinerama, libXv, libXxf86vm, schroedinger, taglib, twolame and xcb-util.
- Version bump:
Access:
* Fix crash on FTP URI with no file path
Decoders/Packetizers:
* Fix overflows in A/52, DTS, MPEG Audio and subtitles support
Demuxers:
* Update LUA script for Youtube pages
* Fix crashes in AVI, ASF and Matroska files
* Fix crashes on malformatted ZIP archives
* Fix crashes and leaks in the FFmpeg/avformat plugin
* Fix crash on invalid XSPF playlist
X11 port:
* Partial Xlib threading fixes.
Interfaces:
* Fix crash (use after free) in Qt4 bookmarks
* Fix a few crashes in Qt4 playlist
Translations fixes.
Removed modules:
* RTMP input and output are removed due to security problems. Please update to VLC 1.1.0 which provides an FFmpeg-based RTMP input if needed. (Serdar s note, I will :) )
- Will fix bug # 12740.
342010-03-201.0.5Gökçen EraslanAdd libproxy dependency.
332010-02-101.0.5Onur KüçükDepend on new x264 and faad2
322010-02-021.0.5Serdar DalgıçBump to latest stable 1.0.5; changes from 1.0.4 to 1.0.5:
Decoders:
* SubRip extra styles improvements
* Fix potential crashes in SSA and svg decoders
Translations: various translation improvements.
312009-12-141.0.4Serdar Dalgıç* Version bump to 1.0.4. See NEWS file for changes between releases, Changelog for detailed changes.
* Add MimeType to vlc.desktop, so that vlc is added to right click Open With menus.
302009-10-201.0.2Onur KüçükFix bframe pyramid in x264
292009-10-161.0.2Onur KüçükDepend on new x264
Remove cvs dependency
282009-09-201.0.2Serdar DalgıçVersion bump to 1.0.2. See Changelog for the details
272009-09-181.0.1Serdar DalgıçMultiple stack-based buffer overflows in ASF, AVI, MP4 demuxers. Pardus bug no:11188, Q4, S3.
262009-07-301.0.1Serdar Dalgıç-- Version bump to 1.0.1 version that fixes most of the notable bugs and regressions that were present in the 1.0.0 version:
* fix flv and mpeg2 seeking,
* fixes for wmv, wav, rtsp and ssa support,
* fix sound recording of .flv files with mp3 audio
* Add extra caching for files on network shares
* fixes for Qt and Mac OS X interface,
* fix an integer underflow in Real pseudo-RTSP module,
* updates of some translations.
-- Add missing dependencies: libtar and fluidsynth
Security information: Q4 for quality of update, S4 for severity
252009-07-141.0.0Serdar Dalgıç- Major Version bump to 1.0.0, patches are reorganized.
242008-12-020.9.8Ozan Çağlayan- Version bump to 0.9.8,
- Remove rtsp-tcp patch as it breaks RTSP streams.
232008-08-230.8.6iPınar YanardağMMS Integer handling fixes, including buffer overflow.
222008-08-230.8.6iPınar YanardağFix multiple vulnerabilities including TTA related DoS attack issue. (CVE-2008-3732)
212008-07-310.8.6iEkin MeroğluAdd missing sdl-image dependency
202008-07-310.8.6iOnur KüçükDepend on new dvdnav for var/pisi problem fix
192008-07-180.8.6iGökçen EraslanVersion bump:
Security updates
* Fixed integer overflow in WAV demuxer (CVE-2008-2430)

Various bugfixes
* Fixed option to use shared memory within the GLX video output module
* Improved galaktos-based audio visualizations on FreeBSD
* Miscellaneous bugfixes in multiple modules and in libvlc (transcode stream output, OSD menu video filter, VCD input, SAP services discovery, http control interface)
* Updated Polish translation
182008-07-030.8.6hEren TürkayFix WAV Processing Integer Overflow, CVE-2008-2430.
172008-06-090.8.6hEren TürkayVersion bump to fix GnuTLS, Libxml2 vulnerabilities. CVE-2008-1948, CVE-2008-1949, CVE-2008-1950, CVE-2007-6284
162008-06-050.8.6gOnur KüçükVersion bump to fix CVE-2007-6683, CVE-2008-2147, CVE-2008-2109, CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 and various bugfixes
152008-05-010.8.6fEren TürkayRe fix buffer overflow in speex decoder, CVE-2008-1686. New version of VLC didn't include this patch.
142008-04-230.8.6fOnur KüçükAdd lots of fixes, port to new dca ffmpeg etc., add pulseaudio support and make it default, compile with 2008 chain etc.
132008-04-230.8.6fGökçen EraslanVersion bump
122008-03-250.8.6eEren TürkayFix CVE-2008-1489
112008-03-190.8.6eEren TürkayAdd patch to fix array indexing vulnerability while streaming RTSP, https://trac.videolan.org/vlc/ticket/1531
102008-03-180.8.6eEren TürkayAdd patch to fix subtitle buffer overflow, https://trac.videolan.org/vlc/ticket/1526
92008-02-270.8.6eGökçen EraslanVersion bump (fix CVE-2008-0984)
82008-01-210.8.6cİsmail DönmezCorrectly enable Firefox plugin
72008-01-110.8.6cİsmail DönmezFix multiple security vulnerabilities
62007-09-230.8.6cİsmail DönmezFix crashes with X11 output
52007-06-180.8.6cİsmail DönmezStable update to fix multiple vulnerabilities
42007-04-290.8.6bİsmail DönmezLots of cleanups
32007-04-210.8.6bİsmail DönmezStable update
22007-03-100.8.6aİsmail DönmezCompile with new flac
12007-02-050.8.6aAli Erdinç KöroğluFirst release.

Patches

default-font.patch
osdmenu-path-vlc-1.0.0.patch
altivec_in_vlc.1.0.0.patch
300_all_pic.patch
020_all_check_headers_regexps.patch
CVE-2010-3907.patch
CVE-2011-0522.patch
CVE-2011-0021.patch
CVE-2011-0531.patch
VideoLAN-SA-1103.patch
CVE-2011-2194-fix-realloc-buffer-overflow.patch
CVE-2011-2587-fix-heap-buffer-overflow-in-real-demuxer.patch
CVE-2011-2588-fix-heap-buffer-overflow-in-avi-demuxer.patch