Upstream wants 0.9.x stable (see $URL and [1]) as they consider 0.8.x unsupported even from a security point of view. Also, there is a fix for an overflow issue [2] which is not in any released version. According to aballier, we're going to wait at least for 0.9.5. media-video, please approve, once 0.9.5 is released, in the tree and you consider it ready to be marked stable. Using this bug just for tracking 0.9.x stabilization atm.
[1] http://mailman.videolan.org/pipermail/vlc/2008-October/016125.html
[2] http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=fde9e1cc1fe1ec9635169fa071e42b3aa6436033
http://www.videolan.org/security/sa0809.html maybe better than "unknown security issues" :)
Code paths in ty.c are different in VLC 0.8.6i, so it does not seem affected.
http://secunia.com/advisories/32339/
This can also be handled here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4686
vlc 0.9.5 is in the tree; I had to drop alpha, ppc and ppc64 keywords due to the new dep: libv4l. I dunno if you want to handle rekeywording here.
(In reply to comment #0)
> [1] http://mailman.videolan.org/pipermail/vlc/2008-October/016125.html
The tivo bug doesn't affect current stable it seems, and since this is open source I tend to consider "unknown security issues" as FUD. However, Rémi is probably right there: there have been lots of bugfixes in 0.9 since 0.8.6, and if analysed correctly may probably lead to exploitable code. I don't have the courage to dig into two years of changes. As such, I'd like to have 0.9.5 stable asap, be it done for/by security or not. Maybe we could have a compromise: wait a couple of weeks just in case and then move it to stable? 0.9.x are just bugfix releases of 0.9.0.
All the issues we are currently aware of only affect ~arch ebuilds (>0.9.0 <0.9.5) of VLC. Given the warning by upstream and you (Alexis), I agree we should push 0.9.5 to our stable users sooner than later. Let's get the ~arch keywords back now, and target a stabling on this bug in one week, Oct. 31.
== Arches: alpha, ppc, ppc64 ==
Please readd your ~arch keywords to =media-video/vlc-0.9.5
~ppc64 done
Added ~ppc
(In reply to comment #6)
> Let's get the ~arch keywords back now, and target a stabling on this bug in one week, Oct. 31.
So it seems we'll need this for stabling a new ffmpeg...
Stable date is due, stabling will be handled on bug 245774 after all issues are ironed out. Moving the blocker against bug 245285 to bug 245774...
alpha's ~arch on >=0.9.5 is still needed for this bug to be FIXED
09 Nov 2008; Tobias Klausmann <klausman@gentoo.org> vlc-0.9.6.ebuild: Stable on alpha, bug #245774