* [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23
@ 2026-01-06 19:26 Bernd Kuhls
2026-01-07 14:09 ` Thomas Petazzoni via buildroot
2026-01-19 10:09 ` Arnout Vandecappelle via buildroot
0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2026-01-06 19:26 UTC (permalink / raw)
To: buildroot; +Cc: Simon Dawson
https://code.videolan.org/videolan/vlc/-/blob/3.0.23/NEWS
"Security:
* Fix null deref in libass, undefined shift in theora and cc-708,
integer overflow in daala, Infinite loop in h264 parsing, buffer
overflow in png and multiple format-overflows"
https://code.videolan.org/videolan/vlc/-/tags/3.0.23
"It also adds a small feature on audio codec information, and fixes extra
security issues compared to the numerous we fixed in 3.0.22."
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
package/vlc/vlc.hash | 8 ++++----
package/vlc/vlc.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
index 6733a870b1..9634ba3f1f 100644
--- a/package/vlc/vlc.hash
+++ b/package/vlc/vlc.hash
@@ -1,7 +1,7 @@
-# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha256
-sha256 e2cc1cf0ae0902a09da5a37c249a8a4e4b5ec4dc095443b8e1493c6a7cc138ea vlc-3.0.22.tar.xz
-# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha1
-sha1 f9871439cdb281e18a78828c389cf7bf66d47d69 vlc-3.0.22.tar.xz
+# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha256
+sha256 e891cae6aa3ccda69bf94173d5105cbc55c7a7d9b1d21b9b21666e69eff3e7e0 vlc-3.0.23.tar.xz
+# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha1
+sha1 7b8c00a9c5bb879a403d5328c99924eefe01739a vlc-3.0.23.tar.xz
# Locally computed
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index 9091a7e7fa..07aeefd193 100644
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-VLC_VERSION = 3.0.22
+VLC_VERSION = 3.0.23
VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
VLC_LICENSE = GPL-2.0+, LGPL-2.1+
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23
2026-01-06 19:26 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23 Bernd Kuhls
@ 2026-01-07 14:09 ` Thomas Petazzoni via buildroot
2026-01-19 10:09 ` Arnout Vandecappelle via buildroot
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2026-01-07 14:09 UTC (permalink / raw)
To: Bernd Kuhls; +Cc: buildroot, Simon Dawson
On Tue, 6 Jan 2026 20:26:26 +0100
Bernd Kuhls <bernd@kuhls.net> wrote:
> https://code.videolan.org/videolan/vlc/-/blob/3.0.23/NEWS
> "Security:
> * Fix null deref in libass, undefined shift in theora and cc-708,
> integer overflow in daala, Infinite loop in h264 parsing, buffer
> overflow in png and multiple format-overflows"
>
> https://code.videolan.org/videolan/vlc/-/tags/3.0.23
> "It also adds a small feature on audio codec information, and fixes extra
> security issues compared to the numerous we fixed in 3.0.22."
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> ---
> package/vlc/vlc.hash | 8 ++++----
> package/vlc/vlc.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23
2026-01-06 19:26 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23 Bernd Kuhls
2026-01-07 14:09 ` Thomas Petazzoni via buildroot
@ 2026-01-19 10:09 ` Arnout Vandecappelle via buildroot
1 sibling, 0 replies; 3+ messages in thread
From: Arnout Vandecappelle via buildroot @ 2026-01-19 10:09 UTC (permalink / raw)
To: Bernd Kuhls; +Cc: Arnout Vandecappelle, buildroot
In reply of:
> https://code.videolan.org/videolan/vlc/-/blob/3.0.23/NEWS
> "Security:
> * Fix null deref in libass, undefined shift in theora and cc-708,
> integer overflow in daala, Infinite loop in h264 parsing, buffer
> overflow in png and multiple format-overflows"
>
> https://code.videolan.org/videolan/vlc/-/tags/3.0.23
> "It also adds a small feature on audio codec information, and fixes extra
> security issues compared to the numerous we fixed in 3.0.22."
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Applied to 2025.02.x and 2025.11.x. Thanks
> ---
> package/vlc/vlc.hash | 8 ++++----
> package/vlc/vlc.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
> index 6733a870b1..9634ba3f1f 100644
> --- a/package/vlc/vlc.hash
> +++ b/package/vlc/vlc.hash
> @@ -1,7 +1,7 @@
> -# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha256
> -sha256 e2cc1cf0ae0902a09da5a37c249a8a4e4b5ec4dc095443b8e1493c6a7cc138ea vlc-3.0.22.tar.xz
> -# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha1
> -sha1 f9871439cdb281e18a78828c389cf7bf66d47d69 vlc-3.0.22.tar.xz
> +# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha256
> +sha256 e891cae6aa3ccda69bf94173d5105cbc55c7a7d9b1d21b9b21666e69eff3e7e0 vlc-3.0.23.tar.xz
> +# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha1
> +sha1 7b8c00a9c5bb879a403d5328c99924eefe01739a vlc-3.0.23.tar.xz
> # Locally computed
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
> sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
> diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
> index 9091a7e7fa..07aeefd193 100644
> --- a/package/vlc/vlc.mk
> +++ b/package/vlc/vlc.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -VLC_VERSION = 3.0.22
> +VLC_VERSION = 3.0.23
> VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
> VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
> VLC_LICENSE = GPL-2.0+, LGPL-2.1+
> --
> 2.47.3
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-01-19 10:09 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-06 19:26 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23 Bernd Kuhls
2026-01-07 14:09 ` Thomas Petazzoni via buildroot
2026-01-19 10:09 ` Arnout Vandecappelle via buildroot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.