From gitlab at videolan.org Mon Aug 19 17:31:12 2019
From: gitlab at videolan.org (Jean-Baptiste Kempf)
Date: Mon, 19 Aug 2019 17:31:12 +0200
Subject: [www-doc] [Git][VideoLAN.org/websites][master] 3 commits: 3.0.7:
Add missing closing tags
Message-ID: <5d5ac0c052cc_5b353fcc1d3b1c841351892@gitlab.mail>
Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites
Commits:
a4ab8139 by Hugo Beauzée-Luyssen at 2019-08-14T13:07:04Z
3.0.7: Add missing closing tags
- - - - -
0bbdaccb by Hugo Beauzée-Luyssen at 2019-08-14T13:07:04Z
Add 3.0.8 release page
- - - - -
9323d549 by Hugo Beauzée-Luyssen at 2019-08-14T16:08:01Z
Add SA1902
- - - - -
5 changed files:
- www.videolan.org/include/os-specific.php
- www.videolan.org/news.msg
- + www.videolan.org/security/sa1902.php
- www.videolan.org/vlc/releases/3.0.7.php
- + www.videolan.org/vlc/releases/3.0.8.php
Changes:
=====================================
www.videolan.org/include/os-specific.php
=====================================
@@ -1,8 +1,8 @@
More information available on the release page.
+
|7 June 2019|VLC 3.0.7|After 100 millions downloads of 3.0.6, VideoLAN is releasing today the VLC 3.0.7 release, focusing on numerous security fixes, improving HDR support on Windows, and Blu-ray menu support.
VideoLAN would like to thank the EU-FOSSA project from the European Commission, who funded this initiative.
More information available on the release page.
|8 April 2019|VLC for Android 3.1|VideoLAN is happy to present the new major version of VLC for Android platforms. Featuring AV1 decoding with dav1d, Android Auto, Launcher Shortcuts, Oreo/Pie integration, Video Groups, SMBv2, and OTG drive support, but also improvements on Cast, Chromebooks and managing the audio/video libraries, this is a quite large update.
=====================================
www.videolan.org/security/sa1902.php
=====================================
@@ -0,0 +1,68 @@
+
+
+
+
+Summary : Multiple vulnerabilities fixed in VLC media player +Date : August 2019 +Affected versions : VLC media player 3.0.7.1 and earlier for most issues +ID : VideoLAN-SA-1902 +CVE references : CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970 ++ +
A remote user could create a specifically crafted file that could trigger issues ranging from buffer overflows to division by zero.
+ +If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.
+While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or +remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.
+We have not seen exploits performing code execution through these vulnerabilities
+While CVE CVE-2019-13602 & CVE-2019-13962 mention a base score of 8.8 and 9.8 respectively, the VideoLAN team believes this severity is highly exagerated; in our +opinion, a base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) would be more reasonable.
+CVE-2019-13962 only affects VLC 3.0.2 to 3.0.7.1 + +
Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.
+ +The user should refrain from opening files from untrusted third parties +or accessing untrusted remote sites (or disable the VLC browser plugins), +until the patch is applied. +
+ +VLC media player 3.0.8 addresses the issues. +
+ +CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970 were reported by Antonio Morales from the Semmle Security Team
+Two issues with pending CVE IDs were reported by Scott Bell from Pulse Security
+CVE-2019-13602 was reported by Hyeon-Ju Lee
+CVE-2019-13962 was reported by Xinyu Liu
+ +VideoLAN would like to thank Antonio Morales and Scott Bell for their time and cooperation with the VideoLAN security team
+ +VLC 3.0 playing 8K 48fps 360 video on Android Galaxy S8 from VideoLAN on Vimeo.
+VLC 3.0 playing 8k60 on Windows 10 using i7 GPU from VideoLAN on Vimeo.
+Ask your favorite packager for VLC 3.0!
+For any questions related to this release, please contact us.
+Summary : Multiple vulnerabilities fixed in VLC media player Date : August 2019 Affected versions : VLC media player 3.0.7.1 and earlier for most issues -ID : VideoLAN-SA-1902 +ID : VideoLAN-SB-VLC-308 CVE references : CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/5a11c1b8aa842ad074a3983d2bfa739559a9333a -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/5a11c1b8aa842ad074a3983d2bfa739559a9333a You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Mon Aug 19 17:45:09 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Mon, 19 Aug 2019 17:45:09 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] Fixes for 3.0.8 page Message-ID: <5d5ac4056c750_5b353fcc0f02a85813524b6@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: a53fe460 by Jean-Baptiste Kempf at 2019-08-19T15:45:08Z Fixes for 3.0.8 page - - - - - 1 changed file: - www.videolan.org/vlc/releases/3.0.8.php Changes: ===================================== www.videolan.org/vlc/releases/3.0.8.php ===================================== @@ -209,7 +209,7 @@
Use RPM Fusion for EL8. Available for x86_64, aarch64 and ppc64le
+
This repository uses EPEL +
The vlc-3.0x branch will be provided for EL8 (Work in Progress)
+
+Install rpmfusion-free-release-8.noarch.rpm for EL8.
+ $> su - + #> yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm + #> yum install https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm + #> yum install vlc + #> yum install vlc-core (for minimal headless/server install) + #> yum install python-vlc (optionals) ++ +
Use RPM Fusion for EL7. Only available for x86_64.
This repository uses EPEL. Please verify to enable the "optionals" and "extras" channels for RHN subscriptions.
-
The vlc-2.2x branch is provided for EL7
+
The vlc-3.0x branch is provided for EL7
-Install rpmfusion-free-release-stable.noarch.rpm for EL7.
$> su - + #> subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" # Only needed for RHEL #> yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm #> yum install https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm #> yum install vlc @@ -69,7 +88,7 @@ Install EPEL. Please verify to enable the "optionals" channel for RHN subscriptions.
The vlc-2.0x branch is provided for EL6
+Install rpmfusion-free-release-6.noarch.rpm for EL6.
-Install rpmfusion-free-release-stable.noarch.rpm for EL6.$> su - @@ -85,6 +104,13 @@ Install VLC 3.0.8
VLC 3.0.7
VLC 3.0.6
VLC 3.0.5
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/e8ef2d6a7bf7919fb970c2a2d5541a6130c1caf9 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/e8ef2d6a7bf7919fb970c2a2d5541a6130c1caf9 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Wed Aug 21 12:59:52 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Wed, 21 Aug 2019 12:59:52 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] 3.0.8, update link to the SB. Message-ID: <5d5d2427f412e_5b353fcc1e8a7e7c148743c@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: 151a0ae2 by Jean-Baptiste Kempf at 2019-08-21T10:59:55Z 3.0.8, update link to the SB. - - - - - 1 changed file: - www.videolan.org/vlc/releases/3.0.8.php Changes: ===================================== www.videolan.org/vlc/releases/3.0.8.php ===================================== @@ -223,7 +223,7 @@View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/5556fb995ba095daad7980789429cfb0966815d1 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/5556fb995ba095daad7980789429cfb0966815d1 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Fri Aug 30 20:14:13 2019 From: gitlab at videolan.org (=?UTF-8?B?RnJhbsOnb2lzIENhcnRlZ25pZQ==?=) Date: Fri, 30 Aug 2019 20:14:13 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] add vdd15 picture Message-ID: <5d696775cc1b7_6143fb9d36ad4a8361ac@gitlab.mail> François Cartegnie pushed to branch master at VideoLAN organization / websites Commits: 3b889b62 by Francois Cartegnie at 2019-08-30T18:13:13Z add vdd15 picture - - - - - 1 changed file: - + www.videolan.org/images/events/vdd15.jpg Changes: ===================================== www.videolan.org/images/events/vdd15.jpg ===================================== Binary files /dev/null and b/www.videolan.org/images/events/vdd15.jpg differ View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/3b889b62fbe93af75dc4c52a94312c009de75e45 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/3b889b62fbe93af75dc4c52a94312c009de75e45 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Fri Aug 30 20:28:27 2019 From: gitlab at videolan.org (=?UTF-8?B?RnJhbsOnb2lzIENhcnRlZ25pZQ==?=) Date: Fri, 30 Aug 2019 20:28:27 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] VDD: update picture Message-ID: <5d696acb1e8ea_6143fb9d36acee0363c2@gitlab.mail> François Cartegnie pushed to branch master at VideoLAN organization / websites Commits: a6994879 by Francois Cartegnie at 2019-08-30T18:28:04Z VDD: update picture - - - - - 2 changed files: - + www.videolan.org/images/events/vdd19/tokyo.png - www.videolan.org/videolan/events/vdd19/style.css Changes: ===================================== www.videolan.org/images/events/vdd19/tokyo.png ===================================== Binary files /dev/null and b/www.videolan.org/images/events/vdd19/tokyo.png differ ===================================== www.videolan.org/videolan/events/vdd19/style.css ===================================== @@ -192,7 +192,7 @@ h3 { } .where-box { - background: url('/images/events/vdd18/paris.jpg') center no-repeat; + background: url('/images/events/vdd19/tokyo.png') center no-repeat; background-size: cover; } View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/a6994879235a9284b15d4891f545a3a769ec02ed -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/a6994879235a9284b15d4891f545a3a769ec02ed You're receiving this email because of your account on code.videolan.org.View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/151a0ae2577ad5bec1b4b681059df8ca9aa57b62 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/151a0ae2577ad5bec1b4b681059df8ca9aa57b62 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Fri Aug 23 11:39:28 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Fri, 23 Aug 2019 11:39:28 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] Fix date. Message-ID: <5d5fb450dd803_5b353fcc1d4e414c178983d@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: f19335f6 by Jean-Baptiste Kempf at 2019-08-23T09:39:35Z Fix date. - - - - - 1 changed file: - www.videolan.org/news.msg Changes: ===================================== www.videolan.org/news.msg ===================================== @@ -1,6 +1,6 @@ # Comments begin with a # # New topics begin with mechanism# -|13 July 2019|VLC 3.0.8|VideoLAN is now publishing the VLC 3.0.8 release, which improves adaptive streaming support, audio output on macOS, VTT subtitles rendering, and also fixes a dozen of security issues.
- It also fixes security issues:
-- 13 issues, including 5 buffer overflows we fixed. 11 CVEs were assigned and addressed.
+- 13 issues, including 5 buffer overflows we fixed. 11 CVEs were assigned and addressed.
More information available on the release page. +|19 August 2019|VLC 3.0.8|VideoLAN is now publishing the VLC 3.0.8 release, which improves adaptive streaming support, audio output on macOS, VTT subtitles rendering, and also fixes a dozen of security issues.
More information available on the release page. |7 June 2019|VLC 3.0.7|After 100 millions downloads of 3.0.6, VideoLAN is releasing today the VLC 3.0.7 release, focusing on numerous security fixes, improving HDR support on Windows, and Blu-ray menu support.
VideoLAN would like to thank the EU-FOSSA project from the European Commission, who funded this initiative.
More information available on the release page. View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/f19335f6717996a8ca19dfd4900a10c190a990a9 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/f19335f6717996a8ca19dfd4900a10c190a990a9 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Sat Aug 24 18:08:33 2019 From: gitlab at videolan.org (Jean-Paul Saman) Date: Sat, 24 Aug 2019 18:08:33 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] developers: libdvbpsi: version 1.3.3 Message-ID: <5d6161014c1dd_5b353fcc1e8a7ad019694c6@gitlab.mail> Jean-Paul Saman pushed to branch master at VideoLAN organization / websites Commits: 561aaa28 by Jean-Paul Saman at 2019-08-24T15:24:29Z developers: libdvbpsi: version 1.3.3 - - - - - 1 changed file: - www.videolan.org/developers/libdvbpsi.php Changes: ===================================== www.videolan.org/developers/libdvbpsi.php ===================================== @@ -35,7 +35,7 @@Get libdvbpsi
-The latest
+libdvbpsi
(LGPL v2.1) release version 1.3.2. Note: the API has changed since version 0.2.2 you need to update your applications.The latest
libdvbpsi
(LGPL v2.1) release version 1.3.3. Note: the API has changed since version 0.2.2 you need to update your applications.The latest
libdvbpsi
GPL v2 release is version 0.1.7.
libdvbpsi
source code is available through git at:View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/561aaa2852e97474ea0c6cc1c1803de3ac92b739 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/561aaa2852e97474ea0c6cc1c1803de3ac92b739 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Wed Aug 28 19:29:22 2019 From: gitlab at videolan.org (Jean-Baptiste Kempf) Date: Wed, 28 Aug 2019 19:29:22 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] G+ is gone Message-ID: <5d66b9f2dbecf_5b353fcc1e8a72882312580@gitlab.mail> Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites Commits: 88d2c228 by Jean-Baptiste Kempf at 2019-08-28T17:29:34Z G+ is gone - - - - - 2 changed files: - www.videolan.org/include/footer.php - www.videolan.org/include/header.php Changes: ===================================== www.videolan.org/include/footer.php ===================================== @@ -13,9 +13,6 @@ function footer($tag = "", $alternate_lang=array(), $additional_class = "") { View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/b4d04caf3367006c11bee65e020a383d1503bdf8 -- View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/b4d04caf3367006c11bee65e020a383d1503bdf8 You're receiving this email because of your account on code.videolan.org. From gitlab at videolan.org Fri Aug 30 19:44:01 2019 From: gitlab at videolan.org (=?UTF-8?B?RnJhbsOnb2lzIENhcnRlZ25pZQ==?=) Date: Fri, 30 Aug 2019 19:44:01 +0200 Subject: [www-doc] [Git][VideoLAN.org/websites][master] VDD: add sponsors Message-ID: <5d696061f197d_6143fb9d3283b20359dd@gitlab.mail> François Cartegnie pushed to branch master at VideoLAN organization / websites Commits: 5556fb99 by Francois Cartegnie at 2019-08-30T17:43:45Z VDD: add sponsors - - - - - 2 changed files: - + www.videolan.org/images/events/vdd19/sponsors/IIJ.jpg - www.videolan.org/videolan/events/vdd19/index.php Changes: ===================================== www.videolan.org/images/events/vdd19/sponsors/IIJ.jpg ===================================== Binary files /dev/null and b/www.videolan.org/images/events/vdd19/sponsors/IIJ.jpg differ ===================================== www.videolan.org/videolan/events/vdd19/index.php ===================================== @@ -72,11 +72,8 @@ $(function($){git clone https://git.videolan.org/git/libdvbpsi.git
@@ -373,8 +370,8 @@ $(function($){ We are looking for sponsors! - - + +