Changelog
vlc (2.2.4-1~deb8u1) jessie-security; urgency=medium
* New upstream release.
- quicktime: Reject invalid IMA files (CVE-2016-5108). (Closes: #825728)
- pulse: Compute latency correctly if negative, fixing missing audio on
high network latency. (Closes: #784640)
- alsa: Fix audio device selection. (Closes: #801448)
- hls: Fix hang on stop, crashes and stack overflow.
- mkv: Fix infinite loop.
- vpx: Fix crash.
- mxf: Fix crash on stop.
- adpcm: Fix double-free.
- zvbi: Fix crash.
- skins2: Fix crash on malformed skin bitmaps.
- swscale: Fix crashes in swscale resizing.
- mp4: Fix divide-by-zero crash in mux.
- rtsp: Fix off-by-one buffer overflow.
- mms: Fix segmentation fault on large allocation, fix overflows.
- lua: Fix use-after-free.
- httplive: Fix stack overflow.
- avformat: Fix heap overflow, NULL dereference and double-free.
- avcodec: Fix invalid free.
- sdp: Fix read overflow.
- vcd: Fix double-free.
- aout: Fix use-after-free.
- vout: Fix use-after-free.
- realrtsp: Fix off-by-one and various crashes.
- Fix various memory leaks.
- Fix links to French TV icons. (Closes: #782229)
* debian/patches/CVE-2015-5949.patch: Removed, included upstream.
* debian/copyright: Update copyright years.
* debian/libvlc5.symbols: Bump version of libvlc_event_type_name for new
event names.
-- Sebastian Ramacher <email address hidden> Sun, 05 Jun 2016 17:39:38 +0200