* [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.20
@ 2023-11-28 20:12 Fabrice Fontaine
2023-11-28 20:51 ` Peter Korsgaard
2023-11-30 22:43 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2023-11-28 20:12 UTC (permalink / raw)
To: buildroot; +Cc: Bernd Kuhls, Simon Dawson, Fabrice Fontaine
Fix CVE-2023-47359: Videolan VLC prior to version 3.0.20 contains an
incorrect offset read that leads to a Heap-Based Buffer Overflow in
function GetPacket() and results in a memory corruption.
Fix CVE-2023-47360: Videolan VLC prior to version 3.0.20 contains an
Integer underflow that leads to an incorrect packet length.
https://code.videolan.org/videolan/vlc/-/blob/3.0.20/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/vlc/vlc.hash | 8 ++++----
package/vlc/vlc.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
index ef381e5934..40529bd664 100644
--- a/package/vlc/vlc.hash
+++ b/package/vlc/vlc.hash
@@ -1,7 +1,7 @@
-# From https://get.videolan.org/vlc/3.0.19/vlc-3.0.19.tar.xz.sha256
-sha256 643e3294bafe922324663ca499515b7564f2794575fd7d2b7992d20896381745 vlc-3.0.19.tar.xz
-# From https://get.videolan.org/vlc/3.0.19/vlc-3.0.19.tar.xz.sha1
-sha1 6d162248a26fdd76a9d4e7e3d52f40d4326f72c1 vlc-3.0.19.tar.xz
+# From https://get.videolan.org/vlc/3.0.20/vlc-3.0.20.tar.xz.sha256
+sha256 adc7285b4d2721cddf40eb5270cada2aaa10a334cb546fd55a06353447ba29b5 vlc-3.0.20.tar.xz
+# From https://get.videolan.org/vlc/3.0.20/vlc-3.0.20.tar.xz.sha1
+sha1 b834516ab701bf6311980ed5d67b77c834fdebe7 vlc-3.0.20.tar.xz
# Locally computed
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index 729e928b4d..d0fc1744c0 100644
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-VLC_VERSION = 3.0.19
+VLC_VERSION = 3.0.20
VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
VLC_LICENSE = GPL-2.0+, LGPL-2.1+
--
2.42.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.20
2023-11-28 20:12 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.20 Fabrice Fontaine
@ 2023-11-28 20:51 ` Peter Korsgaard
2023-11-30 22:43 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-11-28 20:51 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Bernd Kuhls, Simon Dawson, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2023-47359: Videolan VLC prior to version 3.0.20 contains an
> incorrect offset read that leads to a Heap-Based Buffer Overflow in
> function GetPacket() and results in a memory corruption.
> Fix CVE-2023-47360: Videolan VLC prior to version 3.0.20 contains an
> Integer underflow that leads to an incorrect packet length.
> https://code.videolan.org/videolan/vlc/-/blob/3.0.20/NEWS
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.20
2023-11-28 20:12 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.20 Fabrice Fontaine
2023-11-28 20:51 ` Peter Korsgaard
@ 2023-11-30 22:43 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-11-30 22:43 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Bernd Kuhls, Simon Dawson, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2023-47359: Videolan VLC prior to version 3.0.20 contains an
> incorrect offset read that leads to a Heap-Based Buffer Overflow in
> function GetPacket() and results in a memory corruption.
> Fix CVE-2023-47360: Videolan VLC prior to version 3.0.20 contains an
> Integer underflow that leads to an incorrect packet length.
> https://code.videolan.org/videolan/vlc/-/blob/3.0.20/NEWS
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2023.02.x and 2023.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-11-30 22:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-28 20:12 [Buildroot] [PATCH 1/1] package/vlc: security bump to version 3.0.20 Fabrice Fontaine
2023-11-28 20:51 ` Peter Korsgaard
2023-11-30 22:43 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox