openSUSE-SU-2020:0562-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0562-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:0562-1
Related
Published
2020-04-29T06:03:33Z
Modified
2020-04-29T06:03:33Z
Summary
Security update for vlc
Details

This update for vlc fixes the following issues:

vlc was updated to version 3.0.9.2:

  • Misc: Properly bump the version in configure.ac.

Changes from version 3.0.9.1:

  • Misc: Fix VLSub returning 401 for earch request.

Changes from version 3.0.9:

  • Core: Work around busy looping when playing an invalid item through VLM.
  • Access:
    • Multiple dvdread and dvdnav crashs fixes
    • Fixed DVD glitches on clip change
    • Fixed dvdread commands/data sequence inversion in some cases causing unwanted glitches
    • Better handling of authored as corrupted DVD
    • Added libsmb2 support for SMB2/3 shares
  • Demux:
    • Fix TTML entities not passed to decoder
    • Fixed some WebVTT styling tags being not applied
    • Misc raw H264/HEVC frame rate fixes
    • Fix adaptive regression on TS format change (mostly HLS)
    • Fixed MP4 regression with twos/sowt PCM audio
    • Fixed some MP4 raw quicktime and ms-PCM audio
    • Fixed MP4 interlacing handling
    • Multiple adaptive stack (DASH/HLS/Smooth) fixes
    • Enabled Live seeking for HLS
    • Fixed seeking in some cases for HLS
    • Improved Live playback for Smooth and DASH
    • Fixed adaptive unwanted end of stream in some cases
    • Faster adaptive start and new buffering control options
  • Packetizers:
    • Fixes H264/HEVC incomplete draining in some cases
    • packetizer_helper: Fix potential trailing junk on last packet
    • Added missing drain in packetizers that was causing missing last frame or audio
    • Improved check to prevent fLAC synchronization drops
  • Decoder:
    • avcodec: revector video decoder to fix incomplete drain
    • spudec: implemented palette updates, fixing missing subtitles on some DVD
    • Fixed WebVTT CSS styling not being applied on Windows/macOS
    • Fixed Hebrew teletext pages support in zvbi
    • Fixed Dav1d aborting decoding on corrupted picture
    • Extract and display of all CEA708 subtitles
    • Update libfaad to 2.9.1
    • Add DXVA support for VP9 Profile 2 (10 bits)
    • Mediacodec aspect ratio with Amazon devices
  • Audio output:
    • Added support for iOS audiounit audio above 48KHz
    • Added support for amem audio up to 384KHz
  • Video output:
    • Fix for opengl glitches in some drivers
    • Fix GMA950 opengl support on macOS
    • YUV to RGB StretchRect fixes with NVIDIA drivers
    • Use libpacebo new tone mapping desaturation algorithm
  • Text renderer:
    • Fix crashes on macOS with SSA/ASS subtitles containing emoji
    • Fixed unwanted growing background in Freetype rendering and Y padding
  • Mux: Fixed some YUV mappings
  • Service Discovery: Update libmicrodns to 0.1.2.
  • Misc:
    • Update YouTube, SoundCloud and Vocaroo scripts: this restores playback of YouTube URLs.
    • Add missing .wpl & .zpl file associations on Windows
    • Improved chromecast audio quality

Update to version 3.0.8 'vetinari':

  • Fix stuttering for low framerate videos
  • Improve adaptive streaming
  • Improve audio output for external audio devices on macOS/iOS
  • Fix hardware acceleration with Direct3D11 for some AMD drivers
  • Fix WebVTT subtitles rendering
  • Vetinari is a major release changing a lot in the media engine of VLC. It is one of the largest release we've ever done. Notably, it:
    • activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits, allowing 4K60 or even 8K decoding with little CPU consumption,
    • merges all the code from the mobile ports into the same codebase with common numbering and releases,
    • supports 360 video and 3D audio, and prepares for VR content,
    • supports direct HDR and HDR tone-mapping,
    • updates the audio passthrough for HD Audio codecs,
    • allows browsing of local network drives like SMB, FTP, SFTP, NFS...
    • stores the passwords securely,
    • brings a new subtitle rendering engine, supporting ComplexTextLayout and font fallback to support multiple languages and fonts,
    • supports ChromeCast with the new renderer framework,
    • adds support for numerous new formats and codecs, including WebVTT, AV1, TTML, HQX, 708, Cineform, and many more,
    • improves Bluray support with Java menus, aka BD-J,
    • updates the macOS interface with major cleaning and improvements,
    • support HiDPI UI on Windows, with the switch to Qt5,
    • prepares the experimental support for Wayland on Linux, and switches to OpenGL by default on Linux.
  • Security fixes included:
    • Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
    • Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
    • Fix a read buffer overflow in the FAAD decoder
    • Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
    • Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
    • Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
    • Fix a use after free in the ASF demuxer (CVE-2019-14533)
    • Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
    • Fix a null dereference in the dvdnav demuxer
    • Fix a null dereference in the ASF demuxer (CVE-2019-14534)
    • Fix a null dereference in the AVI demuxer
    • Fix a division by zero in the CAF demuxer (CVE-2019-14498)
    • Fix a division by zero in the ASF demuxer (CVE-2019-14535)
  • Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available.

  • Disable SDLimage (SDL 1.2) based codec. It is only a wrapper around some image loading libraries (libpng, libjpeg, ...) which are either wrapped by vlc itself (libpngplugin.so) or via libavcodec (libavcodec_plugin.so).

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / vlc

Package

Name
vlc
Purl
purl:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.9.2-bp151.5.6.1

Ecosystem specific

{
    "binaries": [
        {
            "libvlccore9": "3.0.9.2-bp151.5.6.1",
            "vlc-jack": "3.0.9.2-bp151.5.6.1",
            "vlc-codec-gstreamer": "3.0.9.2-bp151.5.6.1",
            "vlc": "3.0.9.2-bp151.5.6.1",
            "vlc-devel": "3.0.9.2-bp151.5.6.1",
            "vlc-vdpau": "3.0.9.2-bp151.5.6.1",
            "vlc-qt": "3.0.9.2-bp151.5.6.1",
            "vlc-lang": "3.0.9.2-bp151.5.6.1",
            "vlc-noX": "3.0.9.2-bp151.5.6.1",
            "vlc-opencv": "3.0.9.2-bp151.5.6.1",
            "libvlc5": "3.0.9.2-bp151.5.6.1"
        }
    ]
}