Bugzilla – Bug 965227
VUL-0: CVE-2015-5949: vlc: security bug
Last modified: 2016-08-05 07:00:28 UTC
Created attachment 664513: debian patch
Dear maintainer, dear developer,
If I don't miss anything (I'm not a very technical person), the package vlc in stable opensuse 13.2 and leap 42.1 is affected by bug CVE-2015-5949. Here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5949 you can find more detailed information. Both debian and mageia backported upstream patch. In the alleged file (I hope it could help) I am attaching debian patch (upstream patch is here https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd ).
Thank you for your work
kind regards
Tiziano
This is an autogenerated message for OBS integration: This bug (965227) was mentioned in https://build.opensuse.org/request/show/357850 Factory / vlc
Got https://build.opensuse.org/request/show/357853 for 42.1. Does this issue affect openSUSE 13.2 as well?
(In reply to Andreas Stieger from comment #2)
> Got https://build.opensuse.org/request/show/357853 for 42.1. Does this issue
> affect openSUSE 13.2 as well?
I'm trying to get this information - the patch at least does not apply on 13.2; but that does not mean it's not affected
(In reply to Dominique Leuenberger from comment #3)
> (In reply to Andreas Stieger from comment #2)
> > Got https://build.opensuse.org/request/show/357853 for 42.1. Does this issue
> > affect openSUSE 13.2 as well?
>
> I'm trying to get this information - the patch at least does not apply on
> 13.2; but that does not mean it's not affected
ok - 2.1.x tree is also affected - and I got a branch currently building, where I
* Updated vlc to version 2.1.6 (there are quite some other fixes
* Apply the patch for this very issue. Patch applies on this version.
Once I get a build I can do some basic testing.
(In reply to Dominique Leuenberger from comment #4)
> (In reply to Dominique Leuenberger from comment #3)
> > (In reply to Andreas Stieger from comment #2)
> > > Got https://build.opensuse.org/request/show/357853 for 42.1. Does this issue
> > > affect openSUSE 13.2 as well?
> >
> > I'm trying to get this information - the patch at least does not apply on
> > 13.2; but that does not mean it's not affected
>
> ok - 2.1.x tree is also affected - and I got a branch currently building,
> where I
> * Updated vlc to version 2.1.6 (there are quite some other fixes
> * Apply the patch for this very issue. Patch applies on this version.
>
> Once I get a build I can do some basic testing.
Ping 13.2?
openSUSE-SU-2016:0476-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 965227
CVE References: CVE-2015-5949
Sources used:
openSUSE Leap 42.1 (src): vlc-2.2.1-24.1
thanks to all the developers and maintainers involved for their work. best regards Tiziano
VLC 2.1.6 supposedly brought the fix for this too to 13.2 - together with quite some other fixes