From gitlab at videolan.org Wed Nov 1 22:24:31 2023 From: gitlab at videolan.org (Jean-Baptiste Kempf (@jbk)) Date: Wed, 01 Nov 2023 23:24:31 +0100 Subject: [www-doc] [Git][VideoLAN.org/websites][master] Update counters to 3.0.20 Message-ID: <6542d01f14bc2_1e84e643514e904057981@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: ec0c7df9 by Jean-Baptiste Kempf at 2023-11-01T23:24:16+01:00 Update counters to 3.0.20 - - - - - 1 changed file: - www.videolan.org/include/os-specific.php Changes: ===================================== www.videolan.org/include/os-specific.php ===================================== @@ -1,10 +1,10 @@ Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: 7c7e9da3 by Felix Paul K?hne at 2023-11-03T12:45:14+01:00 VLC 3.0.19/20: add release documentation This fixes vlc#28140 - - - - - 6 changed files: - www.videolan.org/news.msg - www.videolan.org/security/index.php - + www.videolan.org/security/sb-vlc3019.php - + www.videolan.org/security/sb-vlc3020.php - + www.videolan.org/vlc/releases/3.0.20.php - www.videolan.org/vlc/releases/index.php Changes: ===================================== www.videolan.org/news.msg ===================================== @@ -1,5 +1,7 @@ # Comments begin with a # # New topics begin with mechanism# +|2 November 2023|VLC 3.0.20|Today, VideoLAN is publishing the 3.0.20 release of VLC, which is a medium update to VLC's 3.0 branch: it updates codecs, fixes a FLAC quality issue and improves playback of numerous formats including improved subtitles rendering. It also fixes a freeze when using frame-by-frame actions. On macOS, audio layout problems are resolved. Finally, we update the user interface translations and add support for more. Additional details on the release page. This release also fixes two security issues, which are detailed here and there. + |3 May 2023|VLC for iOS, iPadOS and Apple TV 3.4.0|We are happy to announce a major update of VLC for iOS, iPadOS and tvOS adding a new audio playback interface, CarPlay integration, various improvements to the local media library and iterations to existing features such as WiFi Sharing. Notably, we also added maintenance improvements to the port to tvOS including support for the Apple Remote's single click mode. See the press release for details. |29 November 2022|VLC 3.0.18|Today, VideoLAN is publishing the 3.0.18 release of VLC, which adds support for a few formats, improves adaptive streaming support, fixes some crashes and updates many third party libraries. More details on the release page. This release also fixes multiple security issues, which are detailed here. ===================================== www.videolan.org/security/index.php ===================================== @@ -19,6 +19,17 @@

VLC releases Security Bulletins (SB)

Those bulletins are related to each VLC release and can be made of multiple security issues, internal and external.

+

2023

+
+
VideoLAN-SB-VLC-320
+
Vulnerability fixed in VLC media player 3.0.20 + Details +
+
VideoLAN-SB-VLC-319
+
Vulnerability fixed in VLC media player 3.0.19 + Details +
+

2022

VideoLAN-SB-VLC-318
===================================== www.videolan.org/security/sb-vlc3019.php ===================================== @@ -0,0 +1,55 @@ + + + +
+ +

Security Bulletin VLC 3.0.19

+
+Summary           : Two vulnerabilities fixed in VLC media player
+Date              : November 2023
+Affected versions : VLC media player 3.0.18 and earlier
+ID                : VideoLAN-SB-VLC-3019
+
+ +

Details

+

Fix potential arbitrary code execution with system priviledges on uninstallation on Windows (!4292, CVE-2023-46814)

+ +

Impact

+

If successful, a malicious third party could trigger an execution of an arbitrary binary on uninstallation of VLC with system priviledges.

+

We have not seen exploits performing code execution through this vulnerability.

+
+ +

Threat mitigation

+

Exploitation of this issue requires the user to explicitly uninstall VLC using the provided uninstaller.

+ +

Workarounds

+

Keep VLC installed until updated to version 3.0.19 or later.

+ +

Solution

+

VLC media player 3.0.19 addresses the issue.

+ +

Credits

+

The NSIS uninstaller vulnerability was reported by Patrick Murphy of the Lockheed Martin Red Team (!4292, CVE-2023-46814).

+ +

Additional notes

+

VLC 3.0.19 also bumps some dependencies, notably zlib and vpx, following the publication of CVE-2022-37434 and CVE-2023-5217.

+ +

References

+
+
The VideoLAN project
+
http://www.videolan.org/ +
+
VLC official GIT repository
+
http://git.videolan.org/?p=vlc.git +
+
+ +
+ + ===================================== www.videolan.org/security/sb-vlc3020.php ===================================== @@ -0,0 +1,52 @@ + + + +
+ +

Security Bulletin VLC 3.0.20

+
+Summary           : Vulnerability fixed in VLC media player
+Date              : November 2023
+Affected versions : VLC media player 3.0.19 and earlier
+ID                : VideoLAN-SB-VLC-3020
+
+ +

Details

+

A denial of service could be triggered with a maliciously crafted mms stream (out-of-bounds write)

+ +

Impact

+

If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.

+

While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.

+

We have not seen exploits performing code execution through this vulnerability.

+
+ +

Threat mitigation

+

Exploitation of those issues requires the user to explicitly open a maliciously crafted mms stream.

+ +

Workarounds

+

The user should refrain from opening mms streams from untrusted third parties (or disable the VLC browser plugins), until the patch is applied. +

+ +

Solution

+

VLC media player 3.0.20 addresses the issue. +

+ +

References

+
+
The VideoLAN project
+
http://www.videolan.org/ +
+
VLC official GIT repository
+
http://git.videolan.org/?p=vlc.git +
+
+ +
+ + ===================================== www.videolan.org/vlc/releases/3.0.20.php ===================================== @@ -0,0 +1,560 @@ + +
+ +

VLC 3.0.20 Vetinari

+
VLC 3.0.20 is the twenty-first version of the "Vetinari" branch of our popular media player.
+
+ + + + +
+
+
+ + + + + + +
+
+
+

Hardware accelerated decoding for HD and UHD

+ + + + + +
+ +
+ + Download VLC icon + + + Version 3.0 + + + +
+
+
+ +
+
+

+
+
+
    +
  • VLC 3.0.20 is the twenty-first update of "Vetinari":
    • +
  • Improves playback of numerous formats including rendering of certain subtitles
    • +
  • Codec updates
    • +
  • Fix FLAC rendering quality issue
    • +
  • Fix playback of numerous files with some older AMD GPU graphics cards drivers
    • +
  • Add AV1 hardware decoding on Windows
    • +
+
+
+
    +
  • Many updates of third party libraries
    • +
  • Improve SMB compatibility with Windows 11 hosts
    • +
  • Update of most translations and add new ones to Esperanto, Interlingue, Lao, Macedonian, Burmese, Odia, Samoan and Swahili
    • +
  • Fixed multiple security issues, which are detailed here and there
    • +
    Read the Changelog.
    +
+
+
+
+ +
+

+
+
+
    +
  • VLC 3.0 "Vetinari" is a new major update of VLC
    • +
  • VLC 3.0 activates hardware decoding by default, to get 4K and 8K playback!
    • +
  • It supports 10bits and HDR
    • +
  • VLC supports 360 video and 3D audio, up to Ambisonics 3rd order
    • +
+
+
+
    +
  • Allows audio passthrough for HD audio codecs
    • +
  • Can stream to Chromecast devices, even in formats not supported natively
    • +
  • Can play Blu-Ray Java menus: BD-J
    • +
  • VLC supports browsing of local network drives and NAS
    • +
    Read the Changelog.
    +
+
+
+
+
+ +
+
+
+
+

VLC 3.0 playing 8K 48fps 360 video on Android Galaxy S8 from VideoLAN on Vimeo.

+
+
+
+

VLC 3.0 playing 8k60 on Windows 10 using i7 GPU from VideoLAN on Vimeo.

+
+
+
+
+
+
+
+

3.0

+
+
+ +
+
+
+
+
+
    +
  • Network browsing for distant filesystems (SMB, FTP, SFTP, NFS...) +
  • HDMI passthrough for Audio HD codecs, like E-AC3, TrueHD or DTS-HD +
  • 12bits codec and extended colorspaces (HDR) +
  • Stream to distant renderers, like Chromecast +
  • 360 video and 3D audio playback with viewpoint change +
  • Support for Ambisonics audio and more than 8 audio channels +
  • Subtitles size modification during playback +
  • Secure passwords storage +
+
+
+
+
+
+
+
+
    +
  • Hardware decoding and display on all platforms
    • +
  • HEVC hardware decoding on Windows, using DxVA2 and D3D11
    • +
  • HEVC hardware decoding using OMX and MediaCodec (Android)
    • +
  • MPEG-2, VC1/WMV3 hardware decoding on Android
    • +
  • Important improvements for the MMAL decoder and output for rPI and rPI2
    • +
  • HEVC and H.264 hardware decoding for macOS and and iOS based on VideoToolbox
    • +
  • New VA-API decoder and rendering for Linux
    • +
+
+
+
+
+ +
+
+
+
+
+
    +
  • BD-Java menus and overlay in Blu-Ray
    • +
  • Experimental AV1 video and Daala video decoders
    • +
  • OggSpots video decoder
    • +
  • New MPEG-1 & 2 audio layer I, II, III + MPEG 2.5 decoder based on libmpg123
    • +
  • New BPG decoder based on libbpg
    • +
  • TDSC, Canopus HQX, Cineform, SpeedHQ, Pixlet, QDMC and FMVC decoders
    • +
  • TTML subtitles support, including EBU-TT variant
    • +
  • Rewrite of webVTT subtitles support, including CSS style support
    • +
  • BluRay text subtitles (HDMV) deocoder
    • +
  • Support for ARIB-B24, CEA-708
    • +
  • New decoder for MIDI on macOS, iOS and Windows
    • +
+
+
+
+
+
+
+
+
    +
  • Rework of the MP4 demuxer:
    including 608/708, Flip4Mac, XiphQT, VP8, TTML mappings
    • +
  • Rework of the TS demuxer:
    including Opus, SCTE-18, ARIB mappings
    • +
  • HD-DVD .evo support
    • +
  • Rework of the PS demuxer, supporting HEVC, improving compatibility of broken files
    • +
  • Improvements on MKV, including support for DVD-menus and FFv1, and faster seeking
    • +
  • Support for Chained-Ogg, raw-HEVC and improvements for Flac
    • +
  • Support for Creative ADPCM in AVI and VOC files
    • +
  • Improved metadata formats in most file formats
    • +
+
+
+
+
+ +
+
+
+
+
+
    +
  • Full support for Bluray Menus (BD-J) and Bluray ISO
    • +
  • Rewrite of Adaptive Streaming protocols support
    • +
  • Support for HLSv4 to HLSv7, including MP4 and ID3 cases
    • +
  • Rewrite of DASH support, including MPEG2TS and ISOBMFF
    • +
  • Support SAT>IP devices, for DVB-S via IP networks
    • +
  • Support for HTTP 2.0
    • +
  • Support NFS, SMB and SFTP shares, with browsing
    • +
  • Support for SRT streaming protocol
    • +
+
+
+
+
+
+
+
+
    +
  • Support for streaming to Chromecast devices +
  • Support for VP8 and VP9 encoding through libvpx +
  • Support for streaming Opus inside TS +
  • Support for mp4 fragmented muxing +
  • Improvements for x265 encoding +
+
+
+
+
+ +
+
+
+
+
+
    +
  • OpenGL as Linux/BSD default video output
    • +
  • Improvements in OpenGL output: direct displaying and HDR tonemapping
    • +
  • Rework of the Android video outputs
    • +
  • New Direct3D11 video output supporting both Windows desktop and WinRT modes
    • +
  • HDR10 support in Direct3D11 with Windows 10 Fall Creator Update
    • +
  • Hardware deinterlacing on the rPI, using MMAL
    • +
  • Video filter to convert between fps rates
    • +
  • Hardware accelerated deinterlacing/adjust/sharpen/chroma with VA-API
    • +
  • Hardware accelerated adjust/invert/posterize/sepia/sharpen with CoreImage
    • +
  • Hardware accelerated deinterlacing/adjust/chroma with D3D9 and D3D11
    • +
+
+
+
+
+
+
+
+
    +
  • Complete rewrite of the AudioTrack Android output
    • +
  • New Tizen audio output
    • +
  • HDMI/SPDIF pass-through support for WASAPI (AC3/DTS/DTSHD/EAC3/TRUEHD)
    • +
  • Support EAC3 and TRUEHD pass-through for PulseAudio
    • +
  • Rework of the AudioUnit modules to share more code between iOS and macOS
    • +
  • SoX Resampler library audio filter module (converter and resampler)
    • +
  • Ambisonics audio renderer, supporting up to 3rd order
    • +
  • Binauralizer audio filter, working with Ambisonics or 5.1/7.1 streams
    • +
  • Pitch shifting module
    • +
+
+
+
+
+ +
+
+
+
+
+
    +
  • Windows XP ? 11
    • +
  • macOS 10.7 ? 13
    • +
  • iOS 9 ? 16
    • +
  • Android 4.2 ? 13
    • +
  • Android TV, Chromebooks with Play Store
    • +
  • Windows RT 8.1, Windows Phone 8.1
    • +
  • Windows 10 Mobile, Xbox 1, Windows Store
    • +
  • GNU/Linux, Ubuntu, *BSD
    • +
+
+
+
+
+
+
+
+
    +
  • Chromecast support from your phone
    • +
  • HEVC hardware decoding using MediaCodec
    • +
  • Android Auto with voice actions
    • +
  • Available on all Android TV, Chromebooks & DeX
    • +
  • Support for Picture-in-Picture
    • +
  • Playlist files detection
    • +
+
+
+
+
+ +
+
+
VLC SDK - libVLC
+
+
+
    +
  • New bindings for C++ and C++/CX
    • +
  • New input-from-memory to implement custom protocols or DRM +
  • Support for ChromeCast and Renderer targets +
  • Improve API for servers discovery +
  • New API for dialogs, notably for HTTPS warnings +
  • New API to manage slaves inputs, including subtitles over the network +
  • Improve codec, format descriptions and associated metadata +
  • Improve EPG events API +
  • Better support for Android applications, native and Java ones +
+
+
+
+
+ + +
+
+ + +
+ + + +

Download VLC

+
+

Windows

+ + Download VLC icon + + + Version + +
+
+

Android

+ +
+
+
+

macOS

+ + Download VLC icon + + + Version - 64bits + +
+
+

iOS

+ +
+ + +
+
+

Windows Store and UWP

+ +
+ +
+

Windows Phone

+ +
+ +
+
+

Sources

+ Get the source! +
+
+

Linux

+

Ask your favorite packager for VLC 3.0!

+
+ + +
+

Related links

+ + +
+

Contact

+

For any questions related to this release, please contact us.

+
+
+ + + ===================================== www.videolan.org/vlc/releases/index.php ===================================== @@ -9,6 +9,7 @@

VLC Releases

VLC 3.0.x branch

+VLC 3.0.19/3.0.20
VLC 3.0.18
VLC 3.0.17
VLC 3.0.16
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/7c7e9da32dc8a48708095a363a6653126a194a36 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/7c7e9da32dc8a48708095a363a6653126a194a36 You're receiving this email because of your account on code.videolan.org. VideoLAN code repository instance From gitlab at videolan.org Mon Nov 20 16:49:10 2023 From: gitlab at videolan.org (=?UTF-8?B?RmVsaXggUGF1bCBLw7xobmUgKEBma3VlaG5lKQ==?=) Date: Mon, 20 Nov 2023 17:49:10 +0100 Subject: [www-doc] [Git][VideoLAN.org/websites][master] sb-vlc-3.0.19: update credit information Message-ID: <655b8e06d9397_1e84e66138bb8c613854c@gitlab.mail> Felix Paul K?hne pushed to branch master at VideoLAN organization / websites Commits: 7fa0c48f by Felix Paul K?hne at 2023-11-20T17:49:04+01:00 sb-vlc-3.0.19: update credit information - - - - - 1 changed file: - www.videolan.org/security/sb-vlc3019.php Changes: ===================================== www.videolan.org/security/sb-vlc3019.php ===================================== @@ -35,7 +35,7 @@ ID : VideoLAN-SB-VLC-3019

VLC media player 3.0.19 addresses the issue.

Credits

-

The NSIS uninstaller vulnerability was reported by Patrick Murphy of the Lockheed Martin Red Team (!4292, CVE-2023-46814).

+

The NSIS uninstaller vulnerability was reported by the Lockheed Martin Red Team (!4292, CVE-2023-46814).

Additional notes

VLC 3.0.19 also bumps some dependencies, notably zlib and vpx, following the publication of CVE-2022-37434 and CVE-2023-5217.

View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/7fa0c48f91cad72d0b074d32d94d29e37953749e -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/7fa0c48f91cad72d0b074d32d94d29e37953749e You're receiving this email because of your account on code.videolan.org. VideoLAN code repository instance From gitlab at videolan.org Tue Nov 21 12:30:20 2023 From: gitlab at videolan.org (Jean-Baptiste Kempf (@jbk)) Date: Tue, 21 Nov 2023 13:30:20 +0100 Subject: [www-doc] [Git][VideoLAN.org/websites][master] More stats for 3.0.20 Message-ID: <655ca2dc3b182_1e84e661ab54a862704f6@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: 757373d3 by Jean-Baptiste Kempf at 2023-11-21T13:30:09+01:00 More stats for 3.0.20 - - - - - 1 changed file: - www.videolan.org/vlc/stats/downloads.php Changes: ===================================== www.videolan.org/vlc/stats/downloads.php ===================================== @@ -216,6 +216,8 @@ "3.0.16" => array( "Windows" => 0, "Macintosh" => 0, "Total" => 0 ), "3.0.17" => array( "Windows" => 0, "Macintosh" => 0, "Total" => 0 ), "3.0.18" => array( "Windows" => 0, "Macintosh" => 0, "Total" => 0 ), + "3.0.19" => array( "Windows" => 0, "Macintosh" => 0, "Total" => 0 ), + "3.0.20" => array( "Windows" => 0, "Macintosh" => 0, "Total" => 0 ), ); $table = array_merge( $table_old, $table_sf ); @@ -520,6 +522,17 @@ "Macintosh" => array( "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-intel64.dmg?stats", "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-arm64.dmg?stats", "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-universal.dmg?stats" ), "Source" => "https://get.videolan.org/vlc/#version#/vlc-#version#.tar.xz?stats", ), + "3.0.19" => array( + "Windows" => array( "https://get.videolan.org/vlc/#version#/win32/vlc-#version#-win32.exe?stats", "https://get.videolan.org/vlc/#version#/win64/vlc-#version#-win64.exe?stats", "https://get.videolan.org/vlc/#version#/win32/vlc-#version#-win32.7z?stats", "https://get.videolan.org/vlc/#version#/win32/vlc-#version#-win32.zip?stats", "https://get.videolan.org/vlc/#version#/win64/vlc-#version#-win64.7z?stats", "https://get.videolan.org/vlc/#version#/win64/vlc-#version#-win64.zip?stats" ), + "Macintosh" => array( "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-intel64.dmg?stats", "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-arm64.dmg?stats", "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-universal.dmg?stats" ), + "Source" => "https://get.videolan.org/vlc/#version#/vlc-#version#.tar.xz?stats", + ), + "3.0.20" => array( + "Windows" => array( "https://get.videolan.org/vlc/#version#/win32/vlc-#version#-win32.exe?stats", "https://get.videolan.org/vlc/#version#/win64/vlc-#version#-win64.exe?stats", "https://get.videolan.org/vlc/#version#/win32/vlc-#version#-win32.7z?stats", "https://get.videolan.org/vlc/#version#/win32/vlc-#version#-win32.zip?stats", "https://get.videolan.org/vlc/#version#/win64/vlc-#version#-win64.7z?stats", "https://get.videolan.org/vlc/#version#/win64/vlc-#version#-win64.zip?stats" ), + "Macintosh" => array( "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-intel64.dmg?stats", "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-arm64.dmg?stats", "https://get.videolan.org/vlc/#version#/macosx/vlc-#version#-universal.dmg?stats" ), + "Source" => "https://get.videolan.org/vlc/#version#/vlc-#version#.tar.xz?stats", + ), + ); foreach( $table as $key => $t ) View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/757373d36b77816251f8898d2e408d109f65fe3e -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/757373d36b77816251f8898d2e408d109f65fe3e You're receiving this email because of your account on code.videolan.org. VideoLAN code repository instance From gitlab at videolan.org Tue Nov 28 09:45:54 2023 From: gitlab at videolan.org (Jean-Baptiste Kempf (@jbk)) Date: Tue, 28 Nov 2023 10:45:54 +0100 Subject: [www-doc] [Git][VideoLAN.org/websites][master] Update GA tag Message-ID: <6565b6d295ff5_1e84e6711eee187224831@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: c05b564b by Jean-Baptiste Kempf at 2023-11-28T10:45:28+01:00 Update GA tag - - - - - 1 changed file: - www.videolan.org/include/header.php Changes: ===================================== www.videolan.org/include/header.php ===================================== @@ -248,15 +248,14 @@ function start_head( $title, } ?> - +