"A denial of service could be triggered with a wrong mp4 file (div by 0) (#27202) Fix crashes with multiple files due to double free (#26930) A denial of service could be triggered with wrong oog file (null pointer dereference) (#27294) Potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played (#27335, CVE-2022-41325)" "Code execution" bug is in 3.0.18: https://code.videolan.org/videolan/vlc/-/commit/4fcace61801f418786c42487c6b06b693ee87666 Please stabilize 3.0.18
commit f16a83b775dfc3f79a78b9e3d252cfc71ba95a53 Author: Sam James <sam@gentoo.org> Date: Wed Feb 8 20:49:02 2023 +0000 media-video/vlc: drop 3.0.17.4-r2
Hello everyone, There is no <media-video/vlc-3.0.20 in the Portage tree already. Shouldn't this bug be closed?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=adf654e272246b70c63a0f741e7f336f235d0fc8 commit adf654e272246b70c63a0f741e7f336f235d0fc8 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-09-22 07:58:11 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-09-22 07:58:21 +0000 [ GLSA 202409-17 ] VLC: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/788226 Bug: https://bugs.gentoo.org/883943 Bug: https://bugs.gentoo.org/917274 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202409-17.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)