Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23
@ 2026-01-06 19:26 Bernd Kuhls
  2026-01-07 14:09 ` Thomas Petazzoni via buildroot
  2026-01-19 10:09 ` Arnout Vandecappelle via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2026-01-06 19:26 UTC (permalink / raw)
  To: buildroot; +Cc: Simon Dawson

https://code.videolan.org/videolan/vlc/-/blob/3.0.23/NEWS
"Security:
 * Fix null deref in libass, undefined shift in theora and cc-708,
   integer overflow in daala, Infinite loop in h264 parsing, buffer
   overflow in png and multiple format-overflows"

https://code.videolan.org/videolan/vlc/-/tags/3.0.23
"It also adds a small feature on audio codec information, and fixes extra
 security issues compared to the numerous we fixed in 3.0.22."

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/vlc/vlc.hash | 8 ++++----
 package/vlc/vlc.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
index 6733a870b1..9634ba3f1f 100644
--- a/package/vlc/vlc.hash
+++ b/package/vlc/vlc.hash
@@ -1,7 +1,7 @@
-# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha256
-sha256  e2cc1cf0ae0902a09da5a37c249a8a4e4b5ec4dc095443b8e1493c6a7cc138ea  vlc-3.0.22.tar.xz
-# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha1
-sha1  f9871439cdb281e18a78828c389cf7bf66d47d69  vlc-3.0.22.tar.xz
+# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha256
+sha256  e891cae6aa3ccda69bf94173d5105cbc55c7a7d9b1d21b9b21666e69eff3e7e0  vlc-3.0.23.tar.xz
+# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha1
+sha1  7b8c00a9c5bb879a403d5328c99924eefe01739a  vlc-3.0.23.tar.xz
 # Locally computed
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index 9091a7e7fa..07aeefd193 100644
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VLC_VERSION = 3.0.22
+VLC_VERSION = 3.0.23
 VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPL-2.0+, LGPL-2.1+
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23
  2026-01-06 19:26 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23 Bernd Kuhls
@ 2026-01-07 14:09 ` Thomas Petazzoni via buildroot
  2026-01-19 10:09 ` Arnout Vandecappelle via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2026-01-07 14:09 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot, Simon Dawson

On Tue,  6 Jan 2026 20:26:26 +0100
Bernd Kuhls <bernd@kuhls.net> wrote:

> https://code.videolan.org/videolan/vlc/-/blob/3.0.23/NEWS
> "Security:
>  * Fix null deref in libass, undefined shift in theora and cc-708,
>    integer overflow in daala, Infinite loop in h264 parsing, buffer
>    overflow in png and multiple format-overflows"
> 
> https://code.videolan.org/videolan/vlc/-/tags/3.0.23
> "It also adds a small feature on audio codec information, and fixes extra
>  security issues compared to the numerous we fixed in 3.0.22."
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> ---
>  package/vlc/vlc.hash | 8 ++++----
>  package/vlc/vlc.mk   | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23
  2026-01-06 19:26 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23 Bernd Kuhls
  2026-01-07 14:09 ` Thomas Petazzoni via buildroot
@ 2026-01-19 10:09 ` Arnout Vandecappelle via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Arnout Vandecappelle via buildroot @ 2026-01-19 10:09 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: Arnout Vandecappelle, buildroot

In reply of:
> https://code.videolan.org/videolan/vlc/-/blob/3.0.23/NEWS
> "Security:
>  * Fix null deref in libass, undefined shift in theora and cc-708,
>    integer overflow in daala, Infinite loop in h264 parsing, buffer
>    overflow in png and multiple format-overflows"
> 
> https://code.videolan.org/videolan/vlc/-/tags/3.0.23
> "It also adds a small feature on audio codec information, and fixes extra
>  security issues compared to the numerous we fixed in 3.0.22."
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to 2025.02.x and 2025.11.x. Thanks

> ---
>  package/vlc/vlc.hash | 8 ++++----
>  package/vlc/vlc.mk   | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
> index 6733a870b1..9634ba3f1f 100644
> --- a/package/vlc/vlc.hash
> +++ b/package/vlc/vlc.hash
> @@ -1,7 +1,7 @@
> -# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha256
> -sha256  e2cc1cf0ae0902a09da5a37c249a8a4e4b5ec4dc095443b8e1493c6a7cc138ea  vlc-3.0.22.tar.xz
> -# From https://get.videolan.org/vlc/3.0.22/vlc-3.0.22.tar.xz.sha1
> -sha1  f9871439cdb281e18a78828c389cf7bf66d47d69  vlc-3.0.22.tar.xz
> +# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha256
> +sha256  e891cae6aa3ccda69bf94173d5105cbc55c7a7d9b1d21b9b21666e69eff3e7e0  vlc-3.0.23.tar.xz
> +# From https://get.videolan.org/vlc/3.0.23/vlc-3.0.23.tar.xz.sha1
> +sha1  7b8c00a9c5bb879a403d5328c99924eefe01739a  vlc-3.0.23.tar.xz
>  # Locally computed
>  sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
>  sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
> diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
> index 9091a7e7fa..07aeefd193 100644
> --- a/package/vlc/vlc.mk
> +++ b/package/vlc/vlc.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -VLC_VERSION = 3.0.22
> +VLC_VERSION = 3.0.23
>  VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
>  VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
>  VLC_LICENSE = GPL-2.0+, LGPL-2.1+
> -- 
> 2.47.3
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-01-19 10:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-06 19:26 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.23 Bernd Kuhls
2026-01-07 14:09 ` Thomas Petazzoni via buildroot
2026-01-19 10:09 ` Arnout Vandecappelle via buildroot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox