diff --git a/vlc-3.0.10.tar.xz b/vlc-3.0.10.tar.xz new file mode 100644 index 0000000..b2c24f0 --- /dev/null +++ b/vlc-3.0.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a966abfc7f3b2ff3adaa130306ecaf5d6ad3b6dc73385fc9ab0c1204029d4c31 +size 26096828 diff --git a/vlc-3.0.10.tar.xz.asc b/vlc-3.0.10.tar.xz.asc new file mode 100644 index 0000000..bd03282 --- /dev/null +++ b/vlc-3.0.10.tar.xz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQRl98a0IGvQV6frc3hxgHE75Y0a3AUCXqVsuQAKCRBxgHE75Y0a +3DokAKDLRkUZfgwaLPmdkcknqccxOVU3UQCfQu2oX13ACYH38p72VVgQ2BkeZ0o= +=QHh2 +-----END PGP SIGNATURE----- diff --git a/vlc-3.0.9.2.tar.xz b/vlc-3.0.9.2.tar.xz deleted file mode 100644 index 9cef66c..0000000 --- a/vlc-3.0.9.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a9bdad293d81cd48516abad8d490d8ab4012964ae541ff19e00021e071e47601 -size 25895876 diff --git a/vlc-3.0.9.2.tar.xz.asc b/vlc-3.0.9.2.tar.xz.asc deleted file mode 100644 index c2c302f..0000000 --- a/vlc-3.0.9.2.tar.xz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQRl98a0IGvQV6frc3hxgHE75Y0a3AUCXo8OUQAKCRBxgHE75Y0a -3MRuAJ9rw6YHNmAbLW1wHcAWVg+RDSDmLwCcCEXAfYzhkebOUtLNvf93QPWVd1s= -=SUQV ------END PGP SIGNATURE----- diff --git a/vlc.changes b/vlc.changes index abf8035..f9cf0a4 100644 --- a/vlc.changes +++ b/vlc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 29 14:14:21 UTC 2020 - Dominique Leuenberger + +- Update to version 3.0.10: + + Misc: Update Twitch & VLSub scripts. + ------------------------------------------------------------------- Thu Apr 16 16:10:19 UTC 2020 - Dominique Leuenberger @@ -142,6 +148,20 @@ Tue Aug 20 07:55:46 UTC 2019 - Dominique Leuenberger - support HiDPI UI on Windows, with the switch to Qt5, - prepares the experimental support for Wayland on Linux, and switches to OpenGL by default on Linux. + + Security fixes included: + * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) + * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) + * Fix a read buffer overflow in the FAAD decoder + * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) + * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) + * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) + * Fix a use after free in the ASF demuxer (CVE-2019-14533) + * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) + * Fix a null dereference in the dvdnav demuxer + * Fix a null dereference in the ASF demuxer (CVE-2019-14534) + * Fix a null dereference in the AVI demuxer + * Fix a division by zero in the CAF demuxer (CVE-2019-14498) + * Fix a division by zero in the ASF demuxer (CVE-2019-14535) - Drop vlc-CVE-2019-13962.patch, vlc-CVE-2019-13602_1.patch and vlc-CVE-2019-13602_2.patch: fixed upstream. - Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet diff --git a/vlc.spec b/vlc.spec index e538de9..03464d9 100644 --- a/vlc.spec +++ b/vlc.spec @@ -33,7 +33,7 @@ %bcond_with faad %bcond_with fdk_aac Name: vlc -Version: 3.0.9.2 +Version: 3.0.10 Release: 0 Summary: Graphical media player License: GPL-2.0-or-later AND LGPL-2.1-or-later