openSUSE-SU-2019:1909-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1909-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1909-1
Published
2019-08-15T09:44:57Z
Modified
2019-08-15T09:44:57Z
Summary
Security update for vlc
Details

This update for vlc to version 3.0.7.1 fixes the following issues:

Security issues fixed:

  • CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
  • CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
  • CVE-2019-5460: Fixed a double free (bsc#1143547).
  • CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
  • CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
  • CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).

Non-security issues fixed:

  • Video Output:
    • Fix hardware acceleration with some AMD drivers
    • Improve direct3d11 HDR support
  • Access:
    • Improve Blu-ray support
  • Audio output:
    • Fix pass-through on Android-23
    • Fix DirectSound drain
  • Demux: Improve MP4 support
  • Video Output:
    • Fix 12 bits sources playback with Direct3D11
    • Fix crash on iOS
    • Fix midstream aspect-ratio changes when Windows hardware decoding is on
    • Fix HLG display with Direct3D11
  • Stream Output: Improve Chromecast support with new Chromecast apps
  • Misc:
    • Update YouTube, Dailymotion, Vimeo, SoundCloud scripts
    • Work around busy looping when playing an invalid item with loop enabled
  • Updated translations.

New package libaom:

  • Initial version 1.0.0
  • A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format designed for video transmissions over the Internet.

Affected packages

openSUSE:Leap 15.0 / libaom

Package

Name
libaom
Purl
purl:rpm/suse/libaom&distro=openSUSE%20Leap%2015.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.0-lp150.2.1

Ecosystem specific

{
    "binaries": [
        {
            "vlc": "3.0.7.1-lp150.8.1",
            "vlc-qt": "3.0.7.1-lp150.8.1",
            "aom-tools": "1.0.0-lp150.2.1",
            "libvlc5": "3.0.7.1-lp150.8.1",
            "libvlccore9": "3.0.7.1-lp150.8.1",
            "vlc-codec-gstreamer": "3.0.7.1-lp150.8.1",
            "libaom-devel": "1.0.0-lp150.2.1",
            "vlc-vdpau": "3.0.7.1-lp150.8.1",
            "vlc-devel": "3.0.7.1-lp150.8.1",
            "vlc-lang": "3.0.7.1-lp150.8.1",
            "vlc-noX": "3.0.7.1-lp150.8.1",
            "libaom-devel-doc": "1.0.0-lp150.2.1",
            "libaom0": "1.0.0-lp150.2.1",
            "vlc-jack": "3.0.7.1-lp150.8.1"
        }
    ]
}

openSUSE:Leap 15.0 / vlc

Package

Name
vlc
Purl
purl:rpm/suse/vlc&distro=openSUSE%20Leap%2015.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.7.1-lp150.8.1

Ecosystem specific

{
    "binaries": [
        {
            "vlc": "3.0.7.1-lp150.8.1",
            "vlc-qt": "3.0.7.1-lp150.8.1",
            "aom-tools": "1.0.0-lp150.2.1",
            "libvlc5": "3.0.7.1-lp150.8.1",
            "libvlccore9": "3.0.7.1-lp150.8.1",
            "vlc-codec-gstreamer": "3.0.7.1-lp150.8.1",
            "libaom-devel": "1.0.0-lp150.2.1",
            "vlc-vdpau": "3.0.7.1-lp150.8.1",
            "vlc-devel": "3.0.7.1-lp150.8.1",
            "vlc-lang": "3.0.7.1-lp150.8.1",
            "vlc-noX": "3.0.7.1-lp150.8.1",
            "libaom-devel-doc": "1.0.0-lp150.2.1",
            "libaom0": "1.0.0-lp150.2.1",
            "vlc-jack": "3.0.7.1-lp150.8.1"
        }
    ]
}