From gitlab at videolan.org  Tue May  5 20:04:30 2020
From: gitlab at videolan.org (Konstantin Pavlov)
Date: Tue, 05 May 2020 20:04:30 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] nightlies: mention a
 new location for the new files
Message-ID: <5eb1aaae6c25_2a63fc41835b2881507916@gitlab.mail>



Konstantin Pavlov pushed to branch master at VideoLAN organization / websites


Commits:
e06487d8 by Konstantin Pavlov at 2020-05-05T21:04:17+03:00
nightlies: mention a new location for the new files

- - - - -


6 changed files:

- nightlies.videolan.org/build/iOS/HEADER.html
- nightlies.videolan.org/build/macosx-intel/HEADER.html
- nightlies.videolan.org/build/source/HEADER.html
- nightlies.videolan.org/build/tvOS/HEADER.html
- nightlies.videolan.org/build/win32/HEADER.html
- nightlies.videolan.org/build/win64/HEADER.html


Changes:

=====================================
nightlies.videolan.org/build/iOS/HEADER.html
=====================================
@@ -2,13 +2,16 @@
     <a href="//www.videolan.org/">
         <img src="/cone-soppera10.png" alt="VLC cone logo" id="logo" />
     </a>
-    <h1>MobileVLCKit iOS nightly builds for ARMv7, ARMv7s, AArch64, x86_64 and i686</h1>
+    <h1>!!! MobileVLCKit iOS nightly builds were moved to <a href="https://artifacts.videolan.org/VLCKit/MobileVLCKit/">a new location</a>!!!</h1>
+    <p>MobileVLCKit iOS nightly builds for ARMv7, ARMv7s, AArch64, x86_64 and i686</p>
     <p>Remember to test the <strong>latest</strong> nightly build before reporting a bug (in one of the older nightly builds). Have fun!</p>
 
     <p>Please report nightly builds breakage (meaning that there is no new build) on <code>#videolan</code> on irc.freenode.net.</p>
 
-    <h2>Note: MobileVLCKit's nightly builds for iOS require iOS 7 or later as well as Xcode 7.3 or later</h2>
+    <p>Note: MobileVLCKit's nightly builds for iOS require iOS 7 or later as well as Xcode 7.3 or later</p>
     <p>The static framework will not work on earlier releases of iOS. Linking with libc++ instead of libstdc++ is required.</p>
 
     <p><a href="/">Looking for nightly builds for other OSes</a> or <a href="//www.videolan.org/vlc/download-ios.html">official releases</a>?</p>
+    <h1>!!! MobileVLCKit iOS nightly builds were moved to <a href="https://artifacts.videolan.org/VLCKit/MobileVLCKit/">a new location</a>!!!</h1>
 </header>
+


=====================================
nightlies.videolan.org/build/macosx-intel/HEADER.html
=====================================
@@ -2,18 +2,22 @@
     <a href="//www.videolan.org/">
         <img src="/cone-soppera10.png" alt="VLC cone logo" id="logo" />
     </a>
-    <h1>VLC media player nightly builds for macOS</h1>
+    <h1>!!! VLC media player 4.0 nightly builds for macOS were moved to <a href="https://artifacts.videolan.org/vlc/nightly-macos/">a new location</a>!!!</h1>
+    <h1>!!! VLC media player 3.0 nightly builds for macOS were moved to <a href="https://artifacts.videolan.org/vlc-3.0/nightly-macos/">a new location</a>!!!</h1>
+    <p>VLC media player nightly builds for macOS</p>
     <p>Remember to test the <strong>latest</strong> nightly build before reporting a bug (in one of the older nightly builds). Have fun!</p>
     <p>Please report nightly builds breakage (meaning that there is no new build) on <code>#videolan</code> on <code>irc.freenode.net</code>.</p>
 
-    <h3>Note: VLC's nightly builds require at least macOS 10.7 for VLC 3.0.x (stable version) or macOS 10.11 for VLC 4.0.0 (development version)</h3>
+    <p>Note: VLC's nightly builds require at least macOS 10.7 for VLC 3.0.x (stable version) or macOS 10.11 for VLC 4.0.0 (development version)</p>
     <p>It will not launch on older releases. We recommend you to keep your Mac OS X installation up-to-date and to install Apple's updates. This will also improve your VLC usage experience.</p>
     <p>Note that nightly builds for macOS are not signed with our GateKeeper certificate. Therefore, you need to right-click on the application to select <em>Open</em> to launch them for the first time after download.</p>
-    <h2>What's the stable branch?</h2>
+    <p>What's the stable branch?</p>
     <p>That's currently VLC's 3.0 series. We no longer provide nightly builds for older versions.</p>
     <ul>
         <li><strong>vlc-<em>version</em></strong> is the latest VLC snapshot compiled in <em>64</em> bit mode.</li>
         <li><strong>VLCKit</strong> is the latest VLC snapshot of the Objective-C framework (libvlc binding) to include VLC's functionality in your own applications.</li>
     </ul>
     <p><a href="/">Looking for nightly builds for other OSes</a> or <a href="//www.videolan.org/vlc/download-macosx.html">official releases</a>?</p>
+    <h1>!!! VLC media player 4.0 nightly builds for macOS were moved to <a href="https://artifacts.videolan.org/vlc/nightly-macos/">a new location</a>!!!</h1>
+    <h1>!!! VLC media player 3.0 nightly builds for macOS were moved to <a href="https://artifacts.videolan.org/vlc-3.0/nightly-macos/">a new location</a>!!!</h1>
 </header>


=====================================
nightlies.videolan.org/build/source/HEADER.html
=====================================
@@ -3,7 +3,7 @@
         <img src="/cone-soppera10.png" alt="VLC cone logo" id="logo" />
     </a>
     <h1>VLC media player daily code snapshots</h1>
-    <p>Please report nightly snapshots breakage (meaning that there is no new snapshot) on <code>#videolan</code> on irc.freenode.net.</p>
+    <p>The service is now discontinued.  Please use tarball export from <a href="https://code.videolan.org/videolan/vlc/">vlc.git</a> and <a href="https://code.videolan.org/videolan/vlc-3.0">vlc-3.0.git</a> respectively.</p>
 
     <p><a href="/">Looking for nightly builds</a> or <a href="//www.videolan.org/vlc/download-sources.html">official releases</a>?</p>
 </header>


=====================================
nightlies.videolan.org/build/tvOS/HEADER.html
=====================================
@@ -2,10 +2,13 @@
     <a href="//www.videolan.org/">
         <img src="/cone-soppera10.png" alt="VLC cone logo" id="logo" />
     </a>
-    <h1>TVVLCKit tvOS nightly builds for AArch64 and x86_64</h1>
+    <h1>!!! TVVLCKit tvOS nightly builds moved to <a href="https://artifacts.videolan.org/VLCKit/TVVLCKit/">a new location</a>!!!</h1>
+
+    <p>TVVLCKit tvOS nightly builds for AArch64 and x86_64</p>
     <p>Remember to test the <strong>latest</strong> nightly build before reporting a bug (in one of the older nightly builds). Have fun!</p>
     <p>Please report nightly builds breakage (meaning that there is no new build) on <code>#videolan</code> on irc.freenode.net.</p>
-    <h2>Note: TVVLCKit's nightly builds require tvOS 9 or later as well as Xcode 7.3 or later</h2>
+    <p>Note: TVVLCKit's nightly builds require tvOS 9 or later as well as Xcode 7.3 or later</p>
     <p>Linking with libc++ instead of libstdc++ is required.</p>
     <p><a href="/">Looking for nightly builds for other OSes</a> or <a href="//www.videolan.org/vlc/download-appletv.html">official releases</a>?</p>
+    <h1>!!! TVVLCKit tvOS nightly builds moved to <a href="https://artifacts.videolan.org/VLCKit/TVVLCKit/">a new location</a>!!!</h1>
 </header>


=====================================
nightlies.videolan.org/build/win32/HEADER.html
=====================================
@@ -2,14 +2,20 @@
     <a href="//www.videolan.org/">
         <img src="/cone-soppera10.png" alt="VLC cone logo" id="logo" />
     </a>
-    <h1>VLC media player Win32 nightly builds</h1>
+    <h1>!!! VLC media player 4.0 Win32 nightly builds moved to <a href="https://artifacts.videolan.org/vlc/nightly-win32">a new location</a>!!!</h1>
+    <h1>!!! VLC media player 3.0 Win32 nightly builds moved to <a href="https://artifacts.videolan.org/vlc-3.0/nightly-win32">a new location</a>!!!</h1>
+
+    <p>VLC media player Win32 nightly builds</p1>
     <p>Remember to test the <strong>latest</strong> nightly build before reporting a bug (in one of the older nightly builds). Have fun!</p>
     <p>Please report nightly builds breakage (meaning that there is no new build) on <code>#videolan</code> on <code>irc.freenode.net</code>.</p>
 
-    <h2>What's the stable branch?</h2>
+    <p>What's the stable branch?</p>
     <ul>
         <li><strong>branch</strong> represents the latest stable release</li>
         <li><strong>trunk</strong> represent the latest development release</li>
     </ul>
     <p><a href="/">Looking for nightly builds for other OSes</a> or <a href="//www.videolan.org/vlc/download-macosx.html">official releases</a>?</p>
+
+    <h1>!!! VLC media player 4.0 Win32 nightly builds moved to <a href="https://artifacts.videolan.org/vlc/nightly-win32">a new location</a>!!!</h1>
+    <h1>!!! VLC media player 3.0 Win32 nightly builds moved to <a href="https://artifacts.videolan.org/vlc-3.0/nightly-win32">a new location</a>!!!</h1>
 </header>


=====================================
nightlies.videolan.org/build/win64/HEADER.html
=====================================
@@ -2,14 +2,20 @@
     <a href="//www.videolan.org/">
         <img src="/cone-soppera10.png" alt="VLC cone logo" id="logo" />
     </a>
-    <h1>VLC media player Win64 nightly builds</h1>
+    <h1>!!! VLC media player 4.0 Win64 nightly builds moved to <a href="https://artifacts.videolan.org/vlc/nightly-win64">a new location</a>!!!</h1>
+    <h1>!!! VLC media player 3.0 Win64 nightly builds moved to <a href="https://artifacts.videolan.org/vlc-3.0/nightly-win64">a new location</a>!!!</h1>
+
+    <p>VLC media player Win64 nightly builds</p>
     <p>Remember to test the <strong>latest</strong> nightly build before reporting a bug (in one of the older nightly builds). Have fun!</p>
     <p>Please report nightly builds breakage (meaning that there is no new build) on <code>#videolan</code> on <code>irc.freenode.net</code>.</p>
 
-    <h2>What's the stable branch?</h2>
+    <p>What's the stable branch?</p>
     <ul>
         <li><strong>branch</strong> represents the latest stable release</li>
         <li><strong>trunk</strong> represent the latest development release</li>
     </ul>
     <p><a href="/">Looking for nightly builds for other OSes</a> or <a href="//www.videolan.org/vlc/download-windows.html">official releases</a>?</p>
+
+    <h1>!!! VLC media player 4.0 Win64 nightly builds moved to <a href="https://artifacts.videolan.org/vlc/nightly-win64">a new location</a>!!!</h1>
+    <h1>!!! VLC media player 3.0 Win64 nightly builds moved to <a href="https://artifacts.videolan.org/vlc-3.0/nightly-win64">a new location</a>!!!</h1>
 </header>



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/e06487d834005ec93dd5761093fb00ea6f24ed41

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/e06487d834005ec93dd5761093fb00ea6f24ed41
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Thu May  7 17:07:16 2020
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Thu, 07 May 2020 17:07:16 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] Security: update
 page layout
Message-ID: <5eb42424fc89_9c3c3f8449c666ac41753f@gitlab.mail>



Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites


Commits:
128b2ec5 by Jean-Baptiste Kempf at 2020-05-07T17:07:03+02:00
Security: update page layout

- - - - -


1 changed file:

- www.videolan.org/security/index.php


Changes:

=====================================
www.videolan.org/security/index.php
=====================================
@@ -1,9 +1,13 @@
 <?php
    $title = "Security information";
    $body_color = "red";
+   $new_design = true;
    require($_SERVER["DOCUMENT_ROOT"]."/include/header.php");
 ?>
 
+<div class="container">
+<div class="row">
+
 <h1>Security contacts</h1>
 <p><strong>Email</strong>: security at REMOVE@videolan.org.</p>
 <p>Please note that signed emails are welcome, and responsible disclosure is appreciated.</p>
@@ -227,4 +231,8 @@ Real RTSP demuxer, Real Media demuxer, MP4 demuxer, Cinepak decoder. <a href="sa
 </dd>
 </dl>
 
+</div>
+</div>
+
+
 <?php footer('$Id$'); ?>



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/128b2ec5c0c71c0a1cf16843f9cf73f33c83e0f4

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/128b2ec5c0c71c0a1cf16843f9cf73f33c83e0f4
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Thu May  7 17:18:32 2020
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Thu, 07 May 2020 17:18:32 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] Security: refactor
 the page layout
Message-ID: <5eb426c88de26_9c3c3f8449e66c0441774f@gitlab.mail>



Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites


Commits:
442052bc by Jean-Baptiste Kempf at 2020-05-07T17:18:20+02:00
Security: refactor the page layout

- - - - -


1 changed file:

- www.videolan.org/security/index.php


Changes:

=====================================
www.videolan.org/security/index.php
=====================================
@@ -7,231 +7,240 @@
 
 <div class="container">
 <div class="row">
-
-<h1>Security contacts</h1>
+<h1 class="bigtitle">Security</h1>
+<h2>Security contacts</h2>
 <p><strong>Email</strong>: security at REMOVE@videolan.org.</p>
-<p>Please note that signed emails are welcome, and responsible disclosure is appreciated.</p>
-
-<h1>Past security advisories</h1>
-
-<p><strong>Please note</strong>:
-The VideoLAN project does not issue security advisories
-for underlying third party libraries.
-Please refer to the concerned third parties as appropriate.
-</p>
-
-<h2>2020</h2>
-<dl>
-
-<dt>VideoLAN-SB-VLC-309</dt>
-<dd>Multiple vulnerabilities fixed in VLC media player
- <a href="sb-vlc309.html">Details</a>
-</dd>
-
-<h2>2019</h2>
-<dl>
-
-<dt>VideoLAN-SB-VLC-308</dt>
-<dd>Multiple vulnerabilities fixed in VLC media player
- <a href="sb-vlc308.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1901</dt>
-<dd>Buffer overflow in avi demuxer &amp; heap use after free in mkv demuxer
- <a href="sa1901.html">Details</a>
-</dd>
-
-<h2>2018</h2>
-<dl>
-
-<dt>VideoLAN-SA-1801</dt>
-<dd>Heap use after free in avformat demuxer
- <a href="sa1801.html">Details</a>
-</dd>
-
-<h2>2016</h2>
-<dl>
-
-<dt>VideoLAN-SA-1601</dt>
-<dd>Buffer Overflow in Processing QuickTime IMA Files
- <a href="sa1601.html">Details</a>
-</dd>
-
-<h2>2015</h2>
-<dl>
-
-<dt>VideoLAN-SA-1501</dt>
-<dd>Multiple heap and buffer overflows
- <a href="sa1501.html">Details</a>
-</dd>
-
-
-<h2>2013</h2>
-<dl>
-
-<dt>VideoLAN-SA-1302 (CVE-2013-1954)</dt>
-<dd>Overflow in ASF Demuxer
- <a href="sa1302.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1301</dt>
-<dd>Overflow in subtitles decoder
- <a href="sa1301.html">Details</a>
-</dd>
-
-
-<h2>2012</h2>
-<dl>
-
-<dt>VideoLAN-SA-1203 (CVE-2012-5470)</dt>
-<dd>Overflow in PNG decoder
- <a href="sa1203.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1202 (CVE-2012-1776)</dt>
-<dd>Heap overflows in Real RTPS protocol
- <a href="sa1202.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1201 (CVE-2012-1775)</dt>
-<dd>Stack overflow in MMS protocol
- <a href="sa1201.html">Details</a>
-</dd>
-
-
-<h2>2011</h2>
-<dl>
-<dt>VideoLAN-SA-1108 (CVE-2012-0023)</dt>
-<dd>Heap corruption in TiVo demuxer.
- <a href="sa1108.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1107 (CVE-2011-3333)</dt>
-<dd>NULL dereference in HTTP and RTSP server.
- <a href="sa1107.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1106 (CVE-2011-2588)</dt>
-<dd>Heap buffer overflow in AVI demuxer.
- <a href="sa1106.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1105 (CVE-2011-2587)</dt>
-<dd>Heap buffer overflow in RealMedia demuxer.
- <a href="sa1105.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1104 (CVE-2011-2194)</dt>
-<dd>Integer overflow in XSPF demuxer.
- <a href="sa1104.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1103 (CVE-2011-1684)</dt>
-<dd>Heap corruption in MP4 demuxer.
- <a href="sa1103.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1102 (CVE-2011-0531)</dt>
-<dd>Insufficient input validation in MKV demuxer.
- <a href="sa1102.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1101 (CVE-2011-0021)</dt>
-<dd>Heap corruption in CDG codec.
- <a href="sa1101.html">Details</a>
-</dd>
-</dl>
-
-<h2>2010</h2>
-<dl>
-<dt>VideoLAN-SA-1007 (CVE-2010-3907)</dt>
-<dd>Buffer overflow in Real Media demuxer.
- <a href="sa1007.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1006</dt>
-<dd>Stack smashing in SMB/CIFS access.
- <a href="sa1006.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1005 (CVE-2010-3124)</dt>
-<dd>DLL preloading vulnerability.
- <a href="sa1005.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1004 (CVE-2010-2937)</dt>
-<dd>Insufficient input validation VLC TagLib plugin.
- <a href="sa1004.html">Details</a>
-</dd>
-
-<dt>VideoLAN-SA-1003 (CVE-2010-1441..5)</dt>
-<dd>Multiple vulnerabilities in VLC. <a href="sa1003.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-1002</dt>
-<dd>Buffer overflow in ancient VLC media player <a href="sa1002.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-1001</dt>
-<dd>Clam AntiVirus input validation error <a href="sa1001.html">Details</a>
-</dd>
-</dl>
-<h2>2009</h2>
-
-<dl>
-<dt>VideoLAN-SA-0901</dt>
-<dd>Stack overflows in VLC demuxers. <a href="sa0901.html">Details</a>
-</dd>
-</dl>
-<h2>2008</h2>
-
-<dl>
-<dt>VideoLAN-SA-0811 (CVE-2008-5276)</dt>
-<dd>Buffer overflows in VLC Real demuxers. <a href="sa0811.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0810 (CVE-2008-5032, CVE-2008-5036)</dt>
-<dd>Multiple overflows in VLC demuxers. <a href="sa0810.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0809 (CVE-2008-4654, CVE-2008-4686)</dt>
-<dd>Buffer overflow in VLC TiVo demuxer. <a href="sa0809.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0807 (CVE-2008-3732, CVE-2008-3794)</dt>
-<dd>Multiple overflows in VLC demuxers. <a href="sa0807.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0806 (CVE-2008-2430)</dt>
-<dd>Arbitrary code execution through potential heap-overflows in VLC's WAV demuxer. <a href="sa0806.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0805 (CVE-2008-2147)</dt>
-<dd>Arbitrary code execution through rogue VLC plugins in the current directory. <a href="sa0805.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0804 (CVE-2007-6683)</dt>
-<dd>Arbitrary file overwrite and other abuses through M3U parser and browsers plugins. <a href="sa0804.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0803 (CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769)</dt>
-<dd>Arbitrary memory overwrite vulnerabilities in multiple modules:
-Real RTSP demuxer, Real Media demuxer, MP4 demuxer, Cinepak decoder. <a href="sa0803.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0802, CORE-2008-0130 (CVE-2008-0984)</dt>
-<dd>Arbitrary memory overwrite vulnerability in the MP4 demuxer. <a href="sa0802.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0801 (CVE-2007-6681, CVE-2007-6682, CVE-2008-0295, CVE-2008-0296)</dt>
-<dd>Format string vulnerability in the Web interface. Stack-based buffer overflow in the Subtitles demuxer.
-	String buffer overflows in the Real RTSP demuxer. <a href="sa0801.html">Details</a></dd>
-</dl>
-
-<h2>2007</h2>
-
-<dl>
-<dt>VideoLAN-SA-0703, CORE-2007-1004 (CVE-2007-6262)</dt>
-<dd>Recursive plugin release vulnerability in the Active X plugin. <a href="sa0703.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0702 (CVE-2007-3316)</dt>
-<dd>Format string injection in Vorbis, Theora, SAP and CDDA plugins. <a href="sa0702.html">Details</a>
-</dd>
-<dt>VideoLAN-SA-0701, MOAB-02-01-2007 (CVE-2007-0017)</dt>
-<dd>URL format string injection in CDDA and VCDX plugins. <a href="sa0701.html">Details</a>
-</dd>
-</dl>
-
+<p>Please note that signed emails are welcome, and responsible disclosure is very much appreciated.</p>
 </div>
+
+<div class="row">
+    <div class="col-md-6">
+        <h2>VLC release Security Bulletins <em>(SB)</em></h2>
+           <p>Those bulletins are related to each VLC release and can be made of multiple security issues, internal and external.</p>
+           <h3>2020</h3>
+           <dl>
+           <dt>VideoLAN-SB-VLC-309</dt>
+           <dd>Multiple vulnerabilities fixed in VLC media player 3.0.9/3.0.10
+            <a href="sb-vlc309.html">Details</a>
+           </dd>
+
+           <h2>2019</h2>
+           <dl>
+
+           <dt>VideoLAN-SB-VLC-308</dt>
+           <dd>Multiple vulnerabilities fixed in VLC media player 3.0.8
+            <a href="sb-vlc308.html">Details</a>
+           </dd>
+    </div>
+
+    <div class="col-md-6">
+
+       <h2>VideoAN security advisories</h2>
+
+       <p><strong>Please note</strong>:
+       The VideoLAN project does not issue security advisories
+       for underlying third party libraries.
+       Please refer to the concerned third parties as appropriate.
+       </p>
+       <h3>2019</h3>
+       <dl>
+
+       <dt>VideoLAN-SA-1901</dt>
+       <dd>Buffer overflow in avi demuxer &amp; heap use after free in mkv demuxer
+        <a href="sa1901.html">Details</a>
+       </dd>
+
+       <h3>2018</h3>
+       <dl>
+
+       <dt>VideoLAN-SA-1801</dt>
+       <dd>Heap use after free in avformat demuxer
+        <a href="sa1801.html">Details</a>
+       </dd>
+
+       <h3>2016</h3>
+       <dl>
+
+       <dt>VideoLAN-SA-1601</dt>
+       <dd>Buffer Overflow in Processing QuickTime IMA Files
+        <a href="sa1601.html">Details</a>
+       </dd>
+
+       <h3>2015</h3>
+       <dl>
+
+       <dt>VideoLAN-SA-1501</dt>
+       <dd>Multiple heap and buffer overflows
+        <a href="sa1501.html">Details</a>
+       </dd>
+
+
+       <h3>2013</h3>
+       <dl>
+
+       <dt>VideoLAN-SA-1302 (CVE-2013-1954)</dt>
+       <dd>Overflow in ASF Demuxer
+        <a href="sa1302.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1301</dt>
+       <dd>Overflow in subtitles decoder
+        <a href="sa1301.html">Details</a>
+       </dd>
+
+
+       <h3>2012</h3>
+       <dl>
+
+       <dt>VideoLAN-SA-1203 (CVE-2012-5470)</dt>
+       <dd>Overflow in PNG decoder
+        <a href="sa1203.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1202 (CVE-2012-1776)</dt>
+       <dd>Heap overflows in Real RTPS protocol
+        <a href="sa1202.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1201 (CVE-2012-1775)</dt>
+       <dd>Stack overflow in MMS protocol
+        <a href="sa1201.html">Details</a>
+       </dd>
+
+
+       <h3>2011</h3>
+       <dl>
+       <dt>VideoLAN-SA-1108 (CVE-2012-0023)</dt>
+       <dd>Heap corruption in TiVo demuxer.
+        <a href="sa1108.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1107 (CVE-2011-3333)</dt>
+       <dd>NULL dereference in HTTP and RTSP server.
+        <a href="sa1107.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1106 (CVE-2011-2588)</dt>
+       <dd>Heap buffer overflow in AVI demuxer.
+        <a href="sa1106.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1105 (CVE-2011-2587)</dt>
+       <dd>Heap buffer overflow in RealMedia demuxer.
+        <a href="sa1105.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1104 (CVE-2011-2194)</dt>
+       <dd>Integer overflow in XSPF demuxer.
+        <a href="sa1104.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1103 (CVE-2011-1684)</dt>
+       <dd>Heap corruption in MP4 demuxer.
+        <a href="sa1103.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1102 (CVE-2011-0531)</dt>
+       <dd>Insufficient input validation in MKV demuxer.
+        <a href="sa1102.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1101 (CVE-2011-0021)</dt>
+       <dd>Heap corruption in CDG codec.
+        <a href="sa1101.html">Details</a>
+       </dd>
+       </dl>
+
+       <h3>2010</h3>
+       <dl>
+       <dt>VideoLAN-SA-1007 (CVE-2010-3907)</dt>
+       <dd>Buffer overflow in Real Media demuxer.
+        <a href="sa1007.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1006</dt>
+       <dd>Stack smashing in SMB/CIFS access.
+        <a href="sa1006.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1005 (CVE-2010-3124)</dt>
+       <dd>DLL preloading vulnerability.
+        <a href="sa1005.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1004 (CVE-2010-2937)</dt>
+       <dd>Insufficient input validation VLC TagLib plugin.
+        <a href="sa1004.html">Details</a>
+       </dd>
+
+       <dt>VideoLAN-SA-1003 (CVE-2010-1441..5)</dt>
+       <dd>Multiple vulnerabilities in VLC. <a href="sa1003.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-1002</dt>
+       <dd>Buffer overflow in ancient VLC media player <a href="sa1002.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-1001</dt>
+       <dd>Clam AntiVirus input validation error <a href="sa1001.html">Details</a>
+       </dd>
+       </dl>
+       <h3>2009</h3>
+
+       <dl>
+       <dt>VideoLAN-SA-0901</dt>
+       <dd>Stack overflows in VLC demuxers. <a href="sa0901.html">Details</a>
+       </dd>
+       </dl>
+       <h3>2008</h3>
+
+       <dl>
+       <dt>VideoLAN-SA-0811 (CVE-2008-5276)</dt>
+       <dd>Buffer overflows in VLC Real demuxers. <a href="sa0811.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0810 (CVE-2008-5032, CVE-2008-5036)</dt>
+       <dd>Multiple overflows in VLC demuxers. <a href="sa0810.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0809 (CVE-2008-4654, CVE-2008-4686)</dt>
+       <dd>Buffer overflow in VLC TiVo demuxer. <a href="sa0809.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0807 (CVE-2008-3732, CVE-2008-3794)</dt>
+       <dd>Multiple overflows in VLC demuxers. <a href="sa0807.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0806 (CVE-2008-2430)</dt>
+       <dd>Arbitrary code execution through potential heap-overflows in VLC's WAV demuxer. <a href="sa0806.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0805 (CVE-2008-2147)</dt>
+       <dd>Arbitrary code execution through rogue VLC plugins in the current directory. <a href="sa0805.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0804 (CVE-2007-6683)</dt>
+       <dd>Arbitrary file overwrite and other abuses through M3U parser and browsers plugins. <a href="sa0804.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0803 (CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769)</dt>
+       <dd>Arbitrary memory overwrite vulnerabilities in multiple modules:
+       Real RTSP demuxer, Real Media demuxer, MP4 demuxer, Cinepak decoder. <a href="sa0803.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0802, CORE-2008-0130 (CVE-2008-0984)</dt>
+       <dd>Arbitrary memory overwrite vulnerability in the MP4 demuxer. <a href="sa0802.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0801 (CVE-2007-6681, CVE-2007-6682, CVE-2008-0295, CVE-2008-0296)</dt>
+       <dd>Format string vulnerability in the Web interface. Stack-based buffer overflow in the Subtitles demuxer.
+       	String buffer overflows in the Real RTSP demuxer. <a href="sa0801.html">Details</a></dd>
+       </dl>
+
+       <h3>2007</h3>
+
+       <dl>
+       <dt>VideoLAN-SA-0703, CORE-2007-1004 (CVE-2007-6262)</dt>
+       <dd>Recursive plugin release vulnerability in the Active X plugin. <a href="sa0703.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0702 (CVE-2007-3316)</dt>
+       <dd>Format string injection in Vorbis, Theora, SAP and CDDA plugins. <a href="sa0702.html">Details</a>
+       </dd>
+       <dt>VideoLAN-SA-0701, MOAB-02-01-2007 (CVE-2007-0017)</dt>
+       <dd>URL format string injection in CDDA and VCDX plugins. <a href="sa0701.html">Details</a>
+       </dd>
+       </dl>
+
+   </div>
 </div>
 
 



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/442052bc704118b2aa51e3c1f9d05afef171639c

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/442052bc704118b2aa51e3c1f9d05afef171639c
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Thu May  7 17:24:19 2020
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Thu, 07 May 2020 17:24:19 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] Update security page
Message-ID: <5eb42823e23f0_9c3c3f84614d9598417980@gitlab.mail>



Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites


Commits:
7dfffc11 by Jean-Baptiste Kempf at 2020-05-07T17:24:11+02:00
Update security page

- - - - -


1 changed file:

- www.videolan.org/security/index.php


Changes:

=====================================
www.videolan.org/security/index.php
=====================================
@@ -7,15 +7,17 @@
 
 <div class="container">
 <div class="row">
-<h1 class="bigtitle">Security</h1>
-<h2>Security contacts</h2>
-<p><strong>Email</strong>: security at REMOVE@videolan.org.</p>
-<p>Please note that signed emails are welcome, and responsible disclosure is very much appreciated.</p>
+    <h1 class="bigtitle">Security</h1>
+    <div class="col-md-12">
+      <h2>Security contacts</h2>
+      <p><strong>Email</strong>: security at REMOVE@videolan.org.</p>
+      <p>Please note that signed emails are welcome, and responsible disclosure is very much appreciated.</p>
+    </div>
 </div>
 
 <div class="row">
     <div class="col-md-6">
-        <h2>VLC release Security Bulletins <em>(SB)</em></h2>
+        <h2>VLC releases Security Bulletins <em>(SB)</em></h2>
            <p>Those bulletins are related to each VLC release and can be made of multiple security issues, internal and external.</p>
            <h3>2020</h3>
            <dl>



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/7dfffc11c2558a7c29be95e0fa2cd160106d4ab8

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/7dfffc11c2558a7c29be95e0fa2cd160106d4ab8
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Thu May  7 18:31:05 2020
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Thu, 07 May 2020 18:31:05 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] SB 3.0.9 iOS and
 Android
Message-ID: <5eb437c9535a4_9c3c3f8449e66c0442222f@gitlab.mail>



Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites


Commits:
8955a3a9 by Jean-Baptiste Kempf at 2020-05-07T18:30:53+02:00
SB 3.0.9 iOS and Android

- - - - -


1 changed file:

- www.videolan.org/security/sb-vlc309.php


Changes:

=====================================
www.videolan.org/security/sb-vlc309.php
=====================================
@@ -41,8 +41,11 @@ until the patch is applied.
 </p>
 <p>Until VLC gets updated to the 3.0.9 version, it is advised not to use the network discovery, including for chromecast</p>
 
+<h2>VLC-iOS</h2>
+<p>VLC on iOS suffered from an access to restricted folders <em>(passcode feature)</em> under the web interface without entering the passcode.</p>
+
 <h2>Solution</h2>
-<p>VLC media player <b>3.0.9</b> addresses the issues.
+<p>VLC media player <b>3.0.9</b> addresses the issues. The Android versions <b>3.2.12</b> and iOS <b>3.2.7</b> are addressing those issues too.
 </p>
 
 <h2>Credits</h2>
@@ -60,6 +63,9 @@ until the patch is applied.
 <dt>VLC official GIT repository</dt>
 <dd><a href="http://git.videolan.org/?p=vlc/vlc-3.0.git">http://git.videolan.org/?p=vlc.git</a>
 </dd>
+<dt>VLC-iOS official GIT repository</dt>
+<dd><a href="https://code.videolan.org/videolan/vlc-ios">https://code.videolan.org/videolan/vlc-ios</a>
+</dd>
 </dl>
 
 </div>



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/8955a3a97fc8031b124b7d54addcd106306db081

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/8955a3a97fc8031b124b7d54addcd106306db081
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Thu May  7 18:33:51 2020
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Thu, 07 May 2020 18:33:51 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] Fix typo
Message-ID: <5eb4386f13c8a_9c3c3f8458ff19ac422450@gitlab.mail>



Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites


Commits:
5d3421ef by Jean-Baptiste Kempf at 2020-05-07T18:33:37+02:00
Fix typo

- - - - -


1 changed file:

- www.videolan.org/security/index.php


Changes:

=====================================
www.videolan.org/security/index.php
=====================================
@@ -37,7 +37,7 @@
 
     <div class="col-md-6">
 
-       <h2>VideoAN security advisories</h2>
+       <h2>VideoLAN security advisories</h2>
 
        <p><strong>Please note</strong>:
        The VideoLAN project does not issue security advisories



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/5d3421ef8aea3bbbc7ec63120e0d3610fc9530b2

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/5d3421ef8aea3bbbc7ec63120e0d3610fc9530b2
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Sat May  9 11:17:54 2020
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Sat, 09 May 2020 11:17:54 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] SB-309 add ios credit
Message-ID: <5eb6754237f91_9c3c3f84498191d0472475@gitlab.mail>



Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites


Commits:
6d8a3745 by Jean-Baptiste Kempf at 2020-05-09T11:17:35+02:00
SB-309 add ios credit

- - - - -


1 changed file:

- www.videolan.org/security/sb-vlc309.php


Changes:

=====================================
www.videolan.org/security/sb-vlc309.php
=====================================
@@ -49,8 +49,9 @@ until the patch is applied.
 </p>
 
 <h2>Credits</h2>
-<p>CVE-2019-19721 was reported by Antonio Morales from the Semmle Security Team</p>
-<p>CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 were discovered &amp; reported by Claudio Bozzato from Cisco Talos</p>
+<p>CVE-2019-19721 was reported by Antonio Morales from the Semmle Security Team.</p>
+<p>CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 were discovered &amp; reported by Claudio Bozzato from Cisco Talos.</p>
+<p>VLC iOS web interface issue was reported by Dhiraj Mishra.</p>
 
 <h2>Special thanks</h2>
 <p>VideoLAN would like to thank Antonio Morales and Claudio Bozzato for their time and cooperation with the VideoLAN security team</p>



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/6d8a3745a3e47663c85faca7c8dfe9991e53b685

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/6d8a3745a3e47663c85faca7c8dfe9991e53b685
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Thu May 21 00:10:26 2020
From: gitlab at videolan.org (Konstantin Pavlov)
Date: Thu, 21 May 2020 00:10:26 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] vlc-stats.ref file
 with new i18n data
Message-ID: <5ec5aad2ab540_85213f9e9c90d8806303b@gitlab.mail>



Konstantin Pavlov pushed to branch master at VideoLAN organization / websites


Commits:
f4503387 by Michał Trzebiatowski at 2020-05-20T23:36:27+02:00
vlc-stats.ref file with new i18n data

- - - - -


1 changed file:

- www.videolan.org/developers/i18n/vlc-stats.ref


Changes:

=====================================
www.videolan.org/developers/i18n/vlc-stats.ref
=====================================
@@ -37,7 +37,7 @@ ga.po 2727 3 3490
 gd.po 2472 1 3747
 gl.po 6127 4 89
 gu.po 5509 4 707
-he.po 3927 3 2290
+he.po 4024 0 2196
 hi.po 1095 2 5123
 hr.po 5044 2 1174
 hu.po 6220 0 0
@@ -63,7 +63,7 @@ ml.po 6220 0 0
 mn.po 1331 2 4887
 mr.po 5524 4 692
 ms.po 6220 0 0
-nb.po 5842 4 374
+nb.po 5854 0 366
 ne.po 2625 3 3592
 nl.po 6220 0 0
 nn.po 3552 2 2666
@@ -72,7 +72,7 @@ pa.po 3432 4 2784
 pl.po 6220 0 0
 ps.po 714 2 5504
 pt_BR.po 6220 0 0
-pt_PT.po 6213 4 3
+pt_PT.po 6220 0 0
 ro.po 4480 2 1738
 ru.po 6220 0 0
 sc.po 802 0 5414



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/f45033870f1758e5d1f6dd6344a10339f3ddd0fe

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/f45033870f1758e5d1f6dd6344a10339f3ddd0fe
You're receiving this email because of your account on code.videolan.org.



From gitlab at videolan.org  Thu May 21 00:15:21 2020
From: gitlab at videolan.org (Konstantin Pavlov)
Date: Thu, 21 May 2020 00:15:21 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] Rebuild vlcstat.html
 when vlc-stats.ref changes
Message-ID: <5ec5abf9477f5_85213f9e9c90c64c64487@gitlab.mail>



Konstantin Pavlov pushed to branch master at VideoLAN organization / websites


Commits:
d92421c2 by Konstantin Pavlov at 2020-05-21T01:14:49+03:00
Rebuild vlcstat.html when vlc-stats.ref changes

- - - - -


1 changed file:

- www.videolan.org/developers/i18n/Makefile.inc


Changes:

=====================================
www.videolan.org/developers/i18n/Makefile.inc
=====================================
@@ -1,2 +1,3 @@
 # Additionnal dependencies
 index.html: languages
+vlcstat.html: vlc-stats.ref



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/d92421c279930e1b5f8fd24d21f00aba6e739036

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/d92421c279930e1b5f8fd24d21f00aba6e739036
You're receiving this email because of your account on code.videolan.org.