From gitlab at videolan.org Fri Jun 7 08:20:43 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Fri, 07 Jun 2019 08:20:43 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] 3.0.7 Message-ID: <5cfa023bd7266_76dd3fadd505f3f86582d0@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: 2f05ccf2 by Jean-Baptiste Kempf at 2019-06-07T06:20:35Z 3.0.7 - - - - - 2 changed files: - www.videolan.org/include/os-specific.php - www.videolan.org/news.msg Changes: ===================================== www.videolan.org/include/os-specific.php ===================================== @@ -1,8 +1,8 @@ VideoLAN would like to thank the EU-FOSSA project from the European Commission, who funded this initiative.
More information available on the release page. + |8 April 2019|VLC for Android 3.1|VideoLAN is happy to present the new major version of VLC for Android platforms. Featuring AV1 decoding with dav1d, Android Auto, Launcher Shortcuts, Oreo/Pie integration, Video Groups, SMBv2, and OTG drive support, but also improvements on Cast, Chromebooks and managing the audio/video libraries, this is a quite large update. |12 February 2019|libbluray 1.1.0|VideoLAN is releasing a new major version of libbluray: 1.1.0. It adds support for UHD menus (experimental), for more recents of Java, and improves vastly BD-J menus. This release fixes numerous small issues reported. View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/2f05ccf2924943aedfa8909c5f96452dbc0eaab8 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/2f05ccf2924943aedfa8909c5f96452dbc0eaab8 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Fri Jun 7 08:34:42 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Fri, 07 Jun 2019 08:34:42 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] Update 3.0.7 page Message-ID: <5cfa0582384cb_76dd3fade22bd73c659798@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: a64c8873 by Jean-Baptiste Kempf at 2019-06-07T06:34:32Z Update 3.0.7 page - - - - - 3 changed files: - www.videolan.org/news.msg - + www.videolan.org/vlc/releases/3.0.7.php - www.videolan.org/vlc/releases/index.php Changes: ===================================== www.videolan.org/news.msg ===================================== @@ -1,6 +1,6 @@ # Comments begin with a # # New topics begin with mechanism# -|7 June 2019|VLC 3.0.7|VideoLAN is releasing today the VLC 3.0.7 release, focusing on numerous security fixes, improving HDR support on Windows, and Blu-ray menu support.
VideoLAN would like to thank the EU-FOSSA project from the European Commission, who funded this initiative.
More information available on the release page. +|7 June 2019|VLC 3.0.7|After 100 millions downloads of 3.0.6, VideoLAN is releasing today the VLC 3.0.7 release, focusing on numerous security fixes, improving HDR support on Windows, and Blu-ray menu support.
VideoLAN would like to thank the EU-FOSSA project from the European Commission, who funded this initiative.
More information available on the release page. |8 April 2019|VLC for Android 3.1|VideoLAN is happy to present the new major version of VLC for Android platforms. Featuring AV1 decoding with dav1d, Android Auto, Launcher Shortcuts, Oreo/Pie integration, Video Groups, SMBv2, and OTG drive support, but also improvements on Cast, Chromebooks and managing the audio/video libraries, this is a quite large update. ===================================== www.videolan.org/vlc/releases/3.0.7.php ===================================== @@ -0,0 +1,560 @@ + +
+ +

VLC 3.0.7 Vetinari

+
VLC 3.0.7 is the second version of the "Vetinari" branch of our popular media player.
+
+ + + + +
+
+
+ + + + + + +
+
+
+

Hardware accelerated decoding for HD and UHD

+ + + + + +
+ +
+ + Download VLC icon + + + Version 3.0 + + + +
+
+
+ +
+
+

+
+
+
    +
  • VLC 3.0.7 is the seventh update of "Vetinari":
  • +
  • Improvements for HDR support on Windows, including for HLG streams +
  • Improvements on the Blu-ray support, notably for menus +
  • Fixes for some 10bit and 12bit rendering on Windows 10 +
  • Fixes for UPnP on recent macbooks +
+
+
+
    +
  • Numerous security issues: +
  • 2 high security issues, 20 medium and 2 low security issues where fixed,
    + ranging from integer overflow to buffer overflows. + +
    Read the Changelog.
    +
+
+
+
+ +
+

+
+
+
    +
  • VLC 3.0 "Vetinari" is a new major update of VLC
  • +
  • VLC 3.0 activates hardware decoding by default, to get 4K and 8K playback!
  • +
  • It supports 10bits and HDR
  • +
  • VLC supports 360 video and 3D audio, up to Ambisonics 3rd order
  • +
+
+
+
    +
  • Allows audio passthrough for HD audio codecs
  • +
  • Can stream to Chromecast devices, even in formats not supported natively
  • +
  • Can play Blu-Ray Java menus: BD-J
  • +
  • VLC supports browsing of local network drives and NAS
  • +
    Read the Changelog.
    +
+
+
+
+
+ +
+
+ + +
+
+
+
+
+
+

3.0

+
+
+ +
+
+
+
+
+
    +
  • Network browsing for distant filesystems (SMB, FTP, SFTP, NFS...) +
  • HDMI passthrough for Audio HD codecs, like E-AC3, TrueHD or DTS-HD +
  • 12bits codec and extended colorspaces (HDR) +
  • Stream to distant renderers, like Chromecast +
  • 360 video and 3D audio playback with viewpoint change +
  • Support for Ambisonics audio and more than 8 audio channels +
  • Subtitles size modification during playback +
  • Secure passwords storage +
+
+
+
+
+
+
+
+
    +
  • Hardware decoding and display on all platforms
  • +
  • HEVC hardware decoding on Windows, using DxVA2 and D3D11
  • +
  • HEVC hardware decoding using OMX and MediaCodec (Android)
  • +
  • MPEG-2, VC1/WMV3 hardware decoding on Android
  • +
  • Important improvements for the MMAL decoder and output for rPI and rPI2
  • +
  • HEVC and H.264 hardware decoding for macOS and and iOS based on VideoToolbox
  • +
  • New VA-API decoder and rendering for Linux
  • +
+
+
+
+
+ +
+
+
+
+
+
    +
  • BD-Java menus and overlay in Blu-Ray
  • +
  • Experimental AV1 video and Daala video decoders
  • +
  • OggSpots video decoder
  • +
  • New MPEG-1 & 2 audio layer I, II, III + MPEG 2.5 decoder based on libmpg123
  • +
  • New BPG decoder based on libbpg
  • +
  • TDSC, Canopus HQX, Cineform, SpeedHQ, Pixlet, QDMC and FMVC decoders
  • +
  • TTML subtitles support, including EBU-TT variant
  • +
  • Rewrite of webVTT subtitles support, including CSS style support
  • +
  • BluRay text subtitles (HDMV) deocoder
  • +
  • Support for ARIB-B24, CEA-708
  • +
  • New decoder for MIDI on macOS, iOS and Windows
  • +
+
+
+
+
+
+
+
+
    +
  • Rework of the MP4 demuxer:
    including 608/708, Flip4Mac, XiphQT, VP8, TTML mappings
  • +
  • Rework of the TS demuxer:
    including Opus, SCTE-18, ARIB mappings
  • +
  • HD-DVD .evo support
  • +
  • Rework of the PS demuxer, supporting HEVC, improving compatibility of broken files
  • +
  • Improvements on MKV, including support for DVD-menus and FFv1, and faster seeking
  • +
  • Support for Chained-Ogg, raw-HEVC and improvements for Flac
  • +
  • Support for Creative ADPCM in AVI and VOC files
  • +
  • Improved metadata formats in most file formats
  • +
+
+
+
+
+ +
+
+
+
+
+
    +
  • Full support for Bluray Menus (BD-J) and Bluray ISO
  • +
  • Rewrite of Adaptive Streaming protocols support
  • +
  • Support for HLSv4 to HLSv7, including MP4 and ID3 cases
  • +
  • Rewrite of DASH support, including MPEG2TS and ISOBMFF
  • +
  • Support SAT>IP devices, for DVB-S via IP networks
  • +
  • Support for HTTP 2.0
  • +
  • Support NFS, SMB and SFTP shares, with browsing
  • +
  • Support for SRT streaming protocol
  • +
+
+
+
+
+
+
+
+
    +
  • Support for streaming to Chromecast devices +
  • Support for VP8 and VP9 encoding through libvpx +
  • Support for streaming Opus inside TS +
  • Support for mp4 fragmented muxing +
  • Improvements for x265 encoding +
+
+
+
+
+ + +
+
+
+
+
+
    +
  • OpenGL as Linux/BSD default video output
  • +
  • Improvements in OpenGL output: direct displaying and HDR tonemapping
  • +
  • Rework of the Android video outputs
  • +
  • New Direct3D11 video output supporting both Windows desktop and WinRT modes
  • +
  • HDR10 support in Direct3D11 with Windows 10 Fall Creator Update
  • +
  • Hardware deinterlacing on the rPI, using MMAL
  • +
  • Video filter to convert between fps rates
  • +
  • Hardware accelerated deinterlacing/adjust/sharpen/chroma with VA-API
  • +
  • Hardware accelerated adjust/invert/posterize/sepia/sharpen with CoreImage
  • +
  • Hardware accelerated deinterlacing/adjust/chroma with D3D9 and D3D11
  • +
+
+
+
+
+
+
+
+
    +
  • Complete rewrite of the AudioTrack Android output
  • +
  • New Tizen audio output
  • +
  • HDMI/SPDIF pass-through support for WASAPI (AC3/DTS/DTSHD/EAC3/TRUEHD)
  • +
  • Support EAC3 and TRUEHD pass-through for PulseAudio
  • +
  • Rework of the AudioUnit modules to share more code between iOS and macOS
  • +
  • SoX Resampler library audio filter module (converter and resampler)
  • +
  • Ambisonics audio renderer, supporting up to 3rd order
  • +
  • Binauralizer audio filter, working with Ambisonics or 5.1/7.1 streams
  • +
  • Pitch shifting module
  • +
+
+
+
+
+ +
+
+
+
+
+
    +
  • Windows XP ➔ 10 RS3
  • +
  • macOS 10.7 ➔ 10.13
  • +
  • iOS 7 ➔ 11
  • +
  • Android 2.3 ➔ 8.1
  • +
  • Android TV, Chromebooks with Play Store
  • +
  • Windows RT 8.1, Windows Phone 8.1
  • +
  • Windows 10 Mobile, Xbox 1, Windows Store
  • +
  • GNU/Linux, Ubuntu, *BSD
  • +
+
+
+
+
+
+
+
+
    +
  • Chromecast support from your phone
  • +
  • HEVC hardware decoding using MediaCodec
  • +
  • Android Auto with voice actions
  • +
  • Available on all Android TV, Chromebooks & DeX
  • +
  • Support for Picture-in-Picture
  • +
  • Playlist files detection
  • +
+
+
+
+
+ +
+
+
VLC SDK - libVLC
+
+
+
    +
  • New bindings for C++ and C++/CX
  • +
  • New input-from-memory to implement custom protocols or DRM +
  • Support for ChromeCast and Renderer targets +
  • Improve API for servers discovery +
  • New API for dialogs, notably for HTTPS warnings +
  • New API to manage slaves inputs, including subtitles over the network +
  • Improve codec, format descriptions and associated metadata +
  • Improve EPG events API +
  • Better support for Android applications, native and Java ones +
+
+
+
+
+ + +
+
+ + +
+ + + +

Download VLC

+
+

Windows

+ + Download VLC icon + + + Version + +
+
+

Android

+ +
+
+
+

macOS

+ + Download VLC icon + + + Version - 64bits + +
+
+

iOS

+ +
+ + +
+
+

Windows Store and UWP

+ +
+ +
+

Windows Phone

+ +
+ +
+
+

Sources

+ Get the source! +
+
+

Linux

+

Ask your favorite packager for VLC 3.0!

+
+ + +
+

Related links

+ + +
+

Contact

+

For any questions related to this release, please contact us.

+
+ + + + ===================================== www.videolan.org/vlc/releases/index.php ===================================== @@ -9,6 +9,7 @@

VLC Releases

VLC 3.0.X branch

+VLC 3.0.7
VLC 3.0.6
VLC 3.0.5
VLC 3.0.4
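Review bot: in the new www.videolan.org/vlc/releases/3.0.7.php, the intro says 'VLC 3.0.7 is the second version of the "Vetinari" branch' while the first feature bullet further down says 'VLC 3.0.7 is the seventh update of "Vetinari"'; pick one and make both lines agree. In the security bullet, "security issues where fixed" should read "were fixed", and the same file carries "macOS and and iOS" and "deocoder", which are worth fixing while the page is new.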
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/a64c88737be1968ae5bf12de478953f6863052a4

From gitlab at videolan.org Fri Jun 7 09:40:09 2019
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Fri, 07 Jun 2019 09:40:09 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] 3.0.7: fix numbers
Message-ID: <5cfa14d993d7c_76dd3fadf2307f486666b9@gitlab.mail>

Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites

Commits:
368f75c2 by Jean-Baptiste Kempf at 2019-06-07T07:39:58Z
3.0.7: fix numbers

- - - - -

1 changed file:

- www.videolan.org/vlc/releases/3.0.7.php

Changes:

===================================== www.videolan.org/vlc/releases/3.0.7.php ===================================== @@ -223,8 +223,8 @@
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/368f75c20fc7baf49523eda67820886e57d54996

From gitlab at videolan.org Sat Jun 8 01:08:36 2019
From: gitlab at videolan.org (Felix Paul Kühne)
Date: Sat, 08 Jun 2019 01:08:36 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] nit-pick
Message-ID: <5cfaee741a210_76dd3fadf23420f8735826@gitlab.mail>

Felix Paul Kühne pushed to branch master at VideoLAN organization / websites

Commits:
af3ce341 by Felix Paul Kühne at 2019-06-07T23:08:29Z
nit-pick

- - - - -

1 changed file:

- www.videolan.org/vlc/releases/3.0.7.php

Changes:

===================================== www.videolan.org/vlc/releases/3.0.7.php ===================================== @@ -217,7 +217,7 @@
  • Improvements for HDR support on Windows, including for HLG streams
  • Improvements on the Blu-ray support, notably for menus
  • Fixes for some 10bit and 12bit rendering on Windows 10 -
  • Fixes for UPnP on recent macbooks +
  • Fixes for UPnP discovery on MacBooks with a TouchBar
  • View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/af3ce341ff1b65ec37ab51b781ea1241b3c3762f -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/af3ce341ff1b65ec37ab51b781ea1241b3c3762f You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Sun Jun 9 08:54:08 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Sun, 09 Jun 2019 08:54:08 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] libbluray 1.1.2 Message-ID: <5cfcad10ad872_76dd3fadf23420f8745398@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: 71ea6bcd by Jean-Baptiste Kempf at 2019-06-09T06:53:59Z libbluray 1.1.2 - - - - - 1 changed file: - www.videolan.org/developers/libbluray.php Changes: ===================================== www.videolan.org/developers/libbluray.php ===================================== @@ -4,7 +4,7 @@ $new_design = true; require($_SERVER["DOCUMENT_ROOT"]."/include/header.php"); - $libbluray_version = "1.1.1"; + $libbluray_version = "1.1.2"; ?>
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/71ea6bcde8ea2822c3752d3afb830844b7584621

From gitlab at videolan.org Sun Jun 9 08:59:52 2019
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Sun, 09 Jun 2019 08:59:52 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] fix typo
Message-ID: <5cfcae6815116_76dd3fade41a55f07455aa@gitlab.mail>

Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites

Commits:
3094e020 by Martin Finkel at 2019-06-09T06:59:46Z
fix typo

- - - - -

1 changed file:

- www.videolan.org/vlc/releases/3.0.7.php

Changes:

===================================== www.videolan.org/vlc/releases/3.0.7.php ===================================== @@ -223,7 +223,7 @@
    • Numerous security issues: -
    • 1 high security issues, 21 medium and 20 low security issues where fixed,
      +
    • 1 high security issues, 21 medium and 20 low security issues were fixed,
      ranging from integer overflow to buffer overflows, with out-of-read violations and stack overflows.
      Read the Changelog.
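Review bot: the replacement line fixes "where" but still reads "1 high security issues", a singular count with a plural noun; change it to "1 high security issue" in this same commit rather than leaving it for a follow-up.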
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/3094e0201e335ea336134c8ce605d72e58eb9793

From gitlab at videolan.org Sun Jun 9 11:19:41 2019
From: gitlab at videolan.org (Felix Paul Kühne)
Date: Sun, 09 Jun 2019 11:19:41 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] Fix typo
Message-ID: <5cfccf2d6fd7e_76dd3fadf2343fc0747265@gitlab.mail>

Felix Paul Kühne pushed to branch master at VideoLAN organization / websites

Commits:
ec4c1001 by Felix Paul Kühne at 2019-06-09T09:19:35Z
Fix typo

- - - - -

1 changed file:

- www.videolan.org/vlc/releases/3.0.7.php

Changes:

===================================== www.videolan.org/vlc/releases/3.0.7.php ===================================== @@ -223,7 +223,7 @@
      • Numerous security issues: -
      • 1 high security issues, 21 medium and 20 low security issues were fixed,
        +
      • 1 high security issue, 21 medium and 20 low security issues were fixed,
        ranging from integer overflow to buffer overflows, with out-of-read violations and stack overflows.
        Read the Changelog.
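Review bot: the unchanged line right after the fix still says "out-of-read violations", which does not name a recognisable bug class; if out-of-bounds reads are meant, spell that out, since this sentence is what the release page gives readers as its summary of the kinds of issues fixed.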
        View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/ec4c1001b8131ac86f9fd826139b4c3b57c24285 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/ec4c1001b8131ac86f9fd826139b4c3b57c24285 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Tue Jun 11 22:08:38 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Tue, 11 Jun 2019 22:08:38 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] Release 3.0.7.1 Message-ID: <5d000a46406a0_76dd3fade22bd73c859298@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: c74aa0ba by Jean-Baptiste Kempf at 2019-06-11T20:08:27Z Release 3.0.7.1 - - - - - 1 changed file: - www.videolan.org/include/os-specific.php Changes: ===================================== www.videolan.org/include/os-specific.php ===================================== @@ -1,8 +1,8 @@ Felix Paul Kühne pushed to branch master at VideoLAN organization / websites Commits: a2bfccbc by Felix Paul Kühne at 2019-06-12T15:28:54Z Release 3.0.7.1 for macOS - - - - - 1 changed file: - www.videolan.org/include/os-specific.php Changes: ===================================== www.videolan.org/include/os-specific.php ===================================== @@ -1,6 +1,6 @@ Hugo Beauzée-Luyssen pushed to branch master at VideoLAN organization / websites Commits: 3d244a69 by Hugo Beauzée-Luyssen at 2019-06-21T08:00:28Z SA1901 - - - - - 2 changed files: - www.videolan.org/security/index.php - + www.videolan.org/security/sa1901.php Changes: ===================================== www.videolan.org/security/index.php ===================================== @@ -16,6 +16,14 @@ for underlying third party libraries. Please refer to the concerned third parties as appropriate.

        +

        2019

        +
        + +
        VideoLAN-SA-1901
        +
        Buffer overflow in avi demuxer & heap use after free in mkv demuxer + Details +
        +

        2018

        ===================================== www.videolan.org/security/sa1901.php ===================================== @@ -0,0 +1,54 @@ + + + +
        + +

        Security Advisory 1901

        +
        +Summary           : Read buffer overflow & use-after-free
        +Date              : June 2019
        +Affected versions : VLC media player 3.0.6 and earlier
        +ID                : VideoLAN-SA-1901
        +CVE reference     : CVE-2019-5439, CVE-2019-12874
        +
        + +

        Details

        +

        A remote user can create some specially crafted avi or mkv files that, when loaded by the target user, will trigger a +heap buffer overflow (read) in ReadFrame (demux/avi/avi.c), or a +heap use after free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively

        + +

        Impact

        +

        If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.

        + +

        Threat mitigation

        +

        Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.

        +

        ASLR and DEP help reduce exposure, but may be bypassed.

        + +

        Workarounds

        +

        The user should refrain from opening files from untrusted third parties +or accessing untrusted remote sites (or disable the VLC browser plugins), +until the patch is applied. +

        + +

        Solution

        +

        VLC media player 3.0.7 addresses the issue. +

        +

        References

        +
        +
        The VideoLAN project
        +
        http://www.videolan.org/ +
        +
        VLC official GIT repository
        +
        http://git.videolan.org/?p=vlc.git +
        +
        + +
        + + View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/3d244a6938b1e682a1217ac2603f6a59fc82e752 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/3d244a6938b1e682a1217ac2603f6a59fc82e752 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Fri Jun 21 15:10:42 2019 From: gitlab at videolan.org (=?UTF-8?B?SHVnbyBCZWF1esOpZS1MdXlzc2Vu?=) Date: Fri, 21 Jun 2019 15:10:42 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] SA1901: Fix 2nd vulnerability type Message-ID: <5d0cd75283571_29c3fcd3f5aa02c1729ef@gitlab.mail> Hugo Beauzée-Luyssen pushed to branch master at VideoLAN organization / websites Commits: 433cd91f by Hugo Beauzée-Luyssen at 2019-06-21T13:08:28Z SA1901: Fix 2nd vulnerability type And credit the researcher - - - - - 1 changed file: - www.videolan.org/security/sa1901.php Changes: ===================================== www.videolan.org/security/sa1901.php ===================================== @@ -11,7 +11,7 @@

        Security Advisory 1901

        -Summary           : Read buffer overflow & use-after-free
        +Summary           : Read buffer overflow & double free
         Date              : June 2019
         Affected versions : VLC media player 3.0.6 and earlier
         ID                : VideoLAN-SA-1901
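Review bot: the Summary now says "double free", but this commit changes only sa1901.php, so the entry added to www.videolan.org/security/index.php in 3d244a69 still reads "heap use after free in mkv demuxer"; update the index entry in the same change so the listing and the advisory name the same bug class.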
        @@ -21,7 +21,7 @@ CVE reference     : CVE-2019-5439, CVE-2019-12874
         

        Details

        A remote user can create some specially crafted avi or mkv files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.c), or a -heap use after free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively

        +double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively

        Impact

        If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.

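Review bot: the Details paragraph describes two distinct bugs, the heap read overflow in ReadFrame and the double free in zlib_decompress_extra(), and the "CVE reference" line lists CVE-2019-5439 and CVE-2019-12874, but nothing says which identifier belongs to which bug; put the CVE next to each function name so the two can be tracked separately. The context line below still has "arbitratry", and the rewritten sentence ends at "respectively" without a full stop.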
        @@ -39,6 +39,10 @@ until the patch is applied.

        Solution

        VLC media player 3.0.7 addresses the issue.

        + +

        Credits

        +

        The MKV double free vulnerability was reported by Symeon Paraschoudis from Pen Test Partners

        +

        References

        The VideoLAN project
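Review bot: the new Credits section names a reporter only for the MKV double free and says nothing about the AVI ReadFrame overflow; either credit its reporter as well or state how it was found, so the advisory does not read as if one finding was forgotten. The added sentence is also missing its closing full stop.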
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/433cd91fe5e964e8626dcba12d5ad5e4a6e8d408

From gitlab at videolan.org Mon Jun 24 12:18:44 2019
From: gitlab at videolan.org (Hugo Beauzée-Luyssen)
Date: Mon, 24 Jun 2019 12:18:44 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] Update SA1901
Message-ID: <5d10a38488cfc_29c3fcd3f5a070c2082f1@gitlab.mail>

Hugo Beauzée-Luyssen pushed to branch master at VideoLAN organization / websites

Commits:
db2a5f5d by Hugo Beauzée-Luyssen at 2019-06-24T10:18:27Z
Update SA1901

- - - - -

1 changed file:

- www.videolan.org/security/sa1901.php

Changes:

===================================== www.videolan.org/security/sa1901.php ===================================== @@ -28,7 +28,6 @@ double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively

        Threat mitigation

        Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.

        -

        ASLR and DEP help reduce exposure, but may be bypassed.

        Workarounds

        The user should refrain from opening files from untrusted third parties @@ -37,7 +36,8 @@ until the patch is applied.

        Solution

        -

        VLC media player 3.0.7 addresses the issue. +

        VLC media player 3.0.7 addresses the issues. +This release also fixes an important security issue that could lead to code execution when playing an AAC file.

        Credits

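Review bot: the first hunk drops "ASLR and DEP help reduce exposure, but may be bypassed." from Threat mitigation, and the commit message "Update SA1901" gives no reason; say in the commit message why the line is removed, because after this change the section's only remaining statement is that the user must open a crafted file or stream.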
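Review bot: the sentence added under Solution, "This release also fixes an important security issue that could lead to code execution when playing an AAC file.", introduces a third vulnerability with no CVE or other identifier and no affected component, and neither hunk touches the Summary or "CVE reference" fields; give it its own entry in the header block and Details, or a separate advisory, so it can be tracked.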
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/db2a5f5db362e511be9dca5fbeab536407c4f1c6