Package: vlc / 2.0.3-5+deb7u2

Metadata

Package: vlc
Version: 2.0.3-5+deb7u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
v4l kfreebsd.patch

modules/access/v4l2/v4l2.h | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 fix v4l2 build failure on kfreebsd.

link vlc cache gen with c++.patch

bin/Makefile.am | 2 1 + 1 - 0 !
bin/dummy.cpp | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 [patch] link vlc-cache-gen with the c++ standard library to avoid
 issues when we dlclose() a C++ plugin that was built with a
 faulty library that may have registered __cxa_atexit
 callbacks (usually through the libstdc++ that library was
 built with).
 .
 Upgrading libstdc++ is not always a solution since some code may have been
 inlined and we can't get rid of it.

link vlc with c++.patch

bin/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 link vlc with the c++ standard library
 See the corresponding vlc-cache-gen patch for more details.

bp fix hang caused by notify.patch

modules/notify/notify.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 [patch] revert "notify: add a callback to match telepathy, msn"
 .
 The "item-change" callback is called with the playlist lock held in
 at least one case: when the now playing meta is cleared while a new
 input is created by the playlist.
 .
 playlist_CurrentInput() acquires the playlist lock. So the
 "item-change" callback cannot call it. This bug is present in the
 Growl, MSN and Telepathy modules since version 1.0.0. It got copied
 into Notify in version 2.0.0.
 .
 This reverts commit fc56b92af1636c53a0545109a74476fe74c054a5.
 This should fix #6641.
 (cherry picked from commit 1e5f4b465a82745e8e7e5a5de491deac39554ed3)

CVE 2012 5470.patch

modules/codec/png.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 [patch] png: check length before read

Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
(cherry picked from commit b3b751cb99df71e3c0a18bcb38b4691cf98265fe)

Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>

CVE 2013 1868.patch

modules/codec/subsdec.c | 158 70 + 88 - 0 !
1 file changed, 70 insertions(+), 88 deletions(-)

---

CVE 2013 1954.patch

modules/demux/asf/asf.c | 74 50 + 24 - 0 !
1 file changed, 50 insertions(+), 24 deletions(-)

 [patch] asf demux: fix #8024

Replace macro with static inline and use bounds checking

CVE 2013 4388.patch

modules/packetizer/mpeg4audio.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

---

codec schroedinger fix potential buffer overflow.patch

modules/codec/schroedinger.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] codec: schroedinger: fix potential buffer overflow.
 The variable len is a raw 32 bit value read using GetDWBE. If this
 value is larger than UINT32_MAX - sizeof(eos), this will cause an
 integer overflow in the subsequent call to malloc, and finally a
 buffer overflow when calling memcpy. We fix this by checking len
 accordingly.

codec dirac fix potential buffer overflow.patch

modules/codec/dirac.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] codec: dirac: fix potential buffer overflow.
 The variable len is a raw 32 bit value read using GetDWBE. If this
 value is larger than UINT32_MAX - sizeof(eos), this will cause an
 integer overflow in the subsequent call to malloc, and finally a
 buffer overflow when calling memcpy. We fix this by checking len
 accordingly.
Bug-Debian: https://bugs.debian.org/775866

demux mp4 fix buffer overflow in parsing of string b.patch

modules/demux/mp4/libmp4.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 [patch] demux: mp4: fix buffer overflow in parsing of string boxes.
 We ensure that pbox->i_size is never smaller than 8 to avoid an
 integer underflow in the third argument of the subsequent call to
 memcpy. We also make sure no truncation occurs when passing values
 derived from the 64 bit integer p_box->i_size to arguments of malloc
 and memcpy that may be 32 bit integers on 32 bit platforms.

stream_out rtp don t use VLA for user controlled dat.patch

modules/stream_out/rtpfmt.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 [patch] stream_out: rtp: don't use vla for user controlled data
 It should fix a possible invalid memory access
 .
 When streaming ogg-files via rtp, an ogg-file can trigger an invalid
 write access using an overly long 'configuration' string.
 .
 The original code attempts to allocate space to hold the string on the stack
 and hence, cannot verify if allocation succeeds. Instead, we now allocate the
 buffer on the heap and return if allocation fails.
 .
 In detail, rtp_packetize_xiph_config allocates a buffer on the stack at (1) where
 the size depends on the local variable 'len'. The variable 'len' is
 calculated at (0) to be the length of a string contained in a specially
 crafted Ogg Vorbis file, and therefore, it is attacker-controlled.