Debian Bug report logs -
#775866
vlc: multiple vulnerabilities
Reported by: Yves-Alexis Perez <corsac@debian.org>
Date: Tue, 20 Jan 2015 20:51:01 UTC
Severity: grave
Tags: security
Found in version vlc/2.1.5-1
Fixed in versions vlc/2.2.0~rc2-2, vlc/2.0.3-5+deb7u2
Done: Alessandro Ghedini <ghedo@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Tue, 20 Jan 2015 20:51:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Yves-Alexis Perez <corsac@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Tue, 20 Jan 2015 20:51:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: vlc
Version: 2.1.5-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
multiple vulnerabilities were reported against vlc 2.1.5. The complete
mail is at http://seclists.org/oss-sec/2015/q1/187 but at least the
following vulnerabilities are fixed in vlc master branch:
* Buffer overflow in updater:
https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
* Buffer overflow in mp4 demuxer:
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
* Potential buffer overflow in Schroedinger Encoder
https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
* Invalid memory access in rtp code:
https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
* Null-pointer dereference in dmo codec:
https://github.com/videolan/vlc/commit/229c385a79d48e41687fae8b4dfeaeef9c8c3eb7
And there are unfixed ones:
* The potential buffer overflow in the Dirac Encoder was not fixed as
the Dirac encoder no longer exists in the master branch.
* The potential invalid writes in modules/services_discovery/sap.c and
modules/access/ftp.c were not fixed as I did not provide a
trigger. Note, that the code looks very similar to the confirmed bug
in rtp_packetize_xiph_config, and so I leave it to you to decide
whether you want to patch this.
CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so a
DSA might be needed.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Tue, 20 Jan 2015 21:42:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Tue, 20 Jan 2015 21:42:11 GMT) (full text, mbox, link).
Message #10 received at 775866@bugs.debian.org (full text, mbox, reply):
Hi!
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so a
> DSA might be needed.
They were assigned now:
http://www.openwall.com/lists/oss-security/2015/01/20/11
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Wed, 21 Jan 2015 08:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Wed, 21 Jan 2015 08:30:05 GMT) (full text, mbox, link).
Message #15 received at 775866@bugs.debian.org (full text, mbox, reply):
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> Source: vlc
> Version: 2.1.5-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> multiple vulnerabilities were reported against vlc 2.1.5. The complete
> mail is at http://seclists.org/oss-sec/2015/q1/187 but at least the
> following vulnerabilities are fixed in vlc master branch:
>
> * Buffer overflow in updater:
> https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
The Debian package builds with --no-update-check, so it's not affected
by that one.
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Wed, 21 Jan 2015 09:00:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastian Ramacher <sramacher@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Wed, 21 Jan 2015 09:00:10 GMT) (full text, mbox, link).
Message #20 received at 775866@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 2015-01-20 21:47:26, Yves-Alexis Perez wrote:
> And there are unfixed ones:
>
> * The potential buffer overflow in the Dirac Encoder was not fixed as
> the Dirac encoder no longer exists in the master branch.
Similarly, 2.2.0~rc2-1 no longer contains the Dirac encoder, so this
only affects wheezy.
Cheers
--
Sebastian Ramacher
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Wed, 21 Jan 2015 11:42:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastian Ramacher <sramacher@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Wed, 21 Jan 2015 11:42:05 GMT) (full text, mbox, link).
Message #25 received at 775866@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 2015-01-20 21:47:26, Yves-Alexis Perez wrote:
> * Null-pointer dereference in dmo codec:
> https://github.com/videolan/vlc/commit/229c385a79d48e41687fae8b4dfeaeef9c8c3eb7
No CVE was issued for this bug, so I'll omit that patch.
Cheers
--
Sebastian Ramacher
[signature.asc (application/pgp-signature, inline)]
Reply sent
to Sebastian Ramacher <sramacher@debian.org>
:
You have taken responsibility.
(Wed, 21 Jan 2015 22:21:09 GMT) (full text, mbox, link).
Notification sent
to Yves-Alexis Perez <corsac@debian.org>
:
Bug acknowledged by developer.
(Wed, 21 Jan 2015 22:21:09 GMT) (full text, mbox, link).
Message #30 received at 775866-close@bugs.debian.org (full text, mbox, reply):
Source: vlc
Source-Version: 2.2.0~rc2-2
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 775866@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 21 Jan 2015 22:41:57 +0100
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore8 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi vlc-plugin-samba vlc-plugin-pulse
Architecture: source all
Version: 2.2.0~rc2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description:
libvlc-dev - development files for libvlc
libvlc5 - multimedia player and streamer library
libvlccore-dev - development files for libvlccore
libvlccore8 - base library for VLC and its modules
vlc - multimedia player and streamer
vlc-data - Common data for VLC
vlc-dbg - debugging symbols for vlc
vlc-nox - multimedia player and streamer (without X support)
vlc-plugin-fluidsynth - FluidSynth plugin for VLC
vlc-plugin-jack - Jack audio plugins for VLC
vlc-plugin-notify - LibNotify plugin for VLC
vlc-plugin-pulse - transitional dummy package for vlc
vlc-plugin-samba - Samba plugin for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svg - SVG plugin for VLC
vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 775866
Changes:
vlc (2.2.0~rc2-2) unstable; urgency=medium
.
* debian/patches: Apply upstream patches for security vulnerabilities.
(Closes: #775866)
- codec-schroedinger-fix-potential-buffer-overflow.patch: fix potential
buffer overflow. (CVE-2014-9629)
- demux-mp4-fix-buffer-overflow-in-parsing-of-string-b.patch: fix buffer
overflow in parsing of string boxes. (CVE-2014-9626, CVE-2014-9627,
CVE-2014-9628)
- stream_out-rtp-don-t-use-VLA-for-user-controlled-dat.patch: don't use
VLA for user controlled data. (CVE-2014-9630)
Checksums-Sha1:
5f7324842882ae36aa18c5a6a074245c1ab3043b 5410 vlc_2.2.0~rc2-2.dsc
d124ad416dcc8171ea38d716250db58a1af0ec9b 59516 vlc_2.2.0~rc2-2.debian.tar.xz
e91b8b7b64654651365887c0e63de3dc6fac9d77 5410426 vlc-data_2.2.0~rc2-2_all.deb
91d689787b1b481e0082e61c85929fa9c8ba7060 916 vlc-plugin-pulse_2.2.0~rc2-2_all.deb
Checksums-Sha256:
cd9a53d57402a7888072ce589e89db0f2794d8691857aabac1a1edab7742b642 5410 vlc_2.2.0~rc2-2.dsc
202082c88e4a4b81b11eb7fe2c0a04f638c7fa08bee2d824711659313c8dc178 59516 vlc_2.2.0~rc2-2.debian.tar.xz
204640e68a44ded134311836dda6de2b64e1a17291a50c97c462822435fd5236 5410426 vlc-data_2.2.0~rc2-2_all.deb
baca59d500f8cb32a6a0ab61a3557d431fbbfe32bfe4e9faf0fb00a85bb9f6d8 916 vlc-plugin-pulse_2.2.0~rc2-2_all.deb
Files:
a674accfdebaee47310ca3a4cddc749c 5410 video optional vlc_2.2.0~rc2-2.dsc
3957db5553a882d682d8367d1e577828 59516 video optional vlc_2.2.0~rc2-2.debian.tar.xz
966c48aa910015cb6040800d647308cb 5410426 video optional vlc-data_2.2.0~rc2-2_all.deb
07af522a72f1b206a4911e1e64d30ec8 916 video optional vlc-plugin-pulse_2.2.0~rc2-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUwCNLAAoJEGny/FFupxmT+GsQAMFKca1mA2K/0gayORhxWWcl
DxBEfWcHKz12nYpQRse7ZsmjwPqOo9NJRdn5o2/ZR3Vn6Fqza4xraKBr5v6szz/s
S77X03nBAs1PQat20Vt7OWXOlzbtenPWDoezpEOtCQXt0H6jlyk8DJ4q0aMGNMnw
Pkobf9eszJR7IhK/TERev14CMk7dB8I1mHSQeJJdrwKsiwBR+vfeoBLR+/i9N4ol
LazQbX/S1+pFC6uARxVGzeNmaTy8kVaB8ceWkfTqg7NJA374+nKrfDevKgJVNV25
EtNUBY0A0kEP0IP38dGU7IUEVGKqlxLCG7TywsTw+LU7JLlle5DXLz+2LUAeqaP8
QcCGY3e37eBYGdDFvjSSsI7uqbW7Tk+52XPwai+86kWIcTWt15+a3FF44dQOoOwW
29sJQbl4tw6cALAOJmAaSupANpzq8SMlkfygGG3zleknYdYCRvQG+hVIARQ0p8Ge
8n46y7kn9oLhQcMMwQbdkw2U2PdHu9QhOxTKtFo+XFSNdy9CIlR/APbKg24ZRwb8
CIK3rI4P5FPIdu/fayFYIY42NPIbS9HSahaOH1wAyzI7RiKoMS+1FvcKYHigT55D
1NAwQSXYTHjGCbUsOZ5yMdw4BN266c+26LU+aR/o3SqutmACi1ltqDZTCHEEBi63
TSNgex1fnwbbq5QOTj/t
=o18o
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Mon, 26 Jan 2015 12:51:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Mon, 26 Jan 2015 12:51:04 GMT) (full text, mbox, link).
Message #35 received at 775866@bugs.debian.org (full text, mbox, reply):
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> * The potential invalid writes in modules/services_discovery/sap.c and
> modules/access/ftp.c were not fixed as I did not provide a
> trigger. Note, that the code looks very similar to the confirmed bug
> in rtp_packetize_xiph_config, and so I leave it to you to decide
> whether you want to patch this.
These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact
upstream for the status of an upstream fix?
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Mon, 26 Jan 2015 16:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastian Ramacher <sramacher@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Mon, 26 Jan 2015 16:36:04 GMT) (full text, mbox, link).
Message #40 received at 775866@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote:
> On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> > * The potential invalid writes in modules/services_discovery/sap.c and
> > modules/access/ftp.c were not fixed as I did not provide a
> > trigger. Note, that the code looks very similar to the confirmed bug
> > in rtp_packetize_xiph_config, and so I leave it to you to decide
> > whether you want to patch this.
>
> These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact
> upstream for the status of an upstream fix?
Just because they look similar, does not make them a vulnerability. The
format string for ftp_SendCommand is not attacker controlled. The reporter
still has not answered questions about how the invalid write in
modules/access/ftp.c could be triggered [1]. Similarly, the issue in
modules/services_discovery/sap.c lacks a trigger. The rather disturbing
thread can be found at [2].
Cheers
[1] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100674.html
[2] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100675.html
--
Sebastian Ramacher
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
:
Bug#775866
; Package src:vlc
.
(Mon, 26 Jan 2015 17:15:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
.
(Mon, 26 Jan 2015 17:15:05 GMT) (full text, mbox, link).
Message #45 received at 775866@bugs.debian.org (full text, mbox, reply):
On Mon, Jan 26, 2015 at 05:33:30PM +0100, Sebastian Ramacher wrote:
> On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote:
> > On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> > > * The potential invalid writes in modules/services_discovery/sap.c and
> > > modules/access/ftp.c were not fixed as I did not provide a
> > > trigger. Note, that the code looks very similar to the confirmed bug
> > > in rtp_packetize_xiph_config, and so I leave it to you to decide
> > > whether you want to patch this.
> >
> > These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact
> > upstream for the status of an upstream fix?
>
> Just because they look similar, does not make them a vulnerability. The
> format string for ftp_SendCommand is not attacker controlled. The reporter
> still has not answered questions about how the invalid write in
> modules/access/ftp.c could be triggered [1]. Similarly, the issue in
> modules/services_discovery/sap.c lacks a trigger. The rather disturbing
> thread can be found at [2].
>
> [1] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100674.html
> [2] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100675.html
Given upstream's response we'll mark these as non-issues in the Debian security
tracker, then.
I'm adding MITRE to CC; CVE-2015-1202 and CVE-2015-1203 are disputed by
upstream, please consider to mark them as rejected.
Cheers,
Moritz
Reply sent
to Alessandro Ghedini <ghedo@debian.org>
:
You have taken responsibility.
(Thu, 05 Feb 2015 19:36:10 GMT) (full text, mbox, link).
Notification sent
to Yves-Alexis Perez <corsac@debian.org>
:
Bug acknowledged by developer.
(Thu, 05 Feb 2015 19:36:10 GMT) (full text, mbox, link).
Message #50 received at 775866-close@bugs.debian.org (full text, mbox, reply):
Source: vlc
Source-Version: 2.0.3-5+deb7u2
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 775866@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <ghedo@debian.org> (supplier of updated vlc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 01 Feb 2015 11:53:45 +0100
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore5 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi
Architecture: source amd64 all
Version: 2.0.3-5+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
libvlc-dev - development files for libvlc
libvlc5 - multimedia player and streamer library
libvlccore-dev - development files for libvlccore
libvlccore5 - base library for VLC and its modules
vlc - multimedia player and streamer
vlc-data - Common data for VLC
vlc-dbg - debugging symbols for vlc
vlc-nox - multimedia player and streamer (without X support)
vlc-plugin-fluidsynth - FluidSynth plugin for VLC
vlc-plugin-jack - Jack audio plugins for VLC
vlc-plugin-notify - LibNotify plugin for VLC
vlc-plugin-pulse - PulseAudio plugin for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svg - SVG plugin for VLC
vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 775866
Changes:
vlc (2.0.3-5+deb7u2) wheezy-security; urgency=high
.
* Fix multiple vulnerabilities (Closes: #775866):
- Fix potential buffer overflow in the Dirac and Schroedinger encoders
as per CVE-2014-9629
- Fix buffer overflow when parsing string boxes in the MP4 demuxer
as per CVE-2014-9626, CVE-2014-9627, CVE-2014-9628
- Fix possible invalid memory access in the RTP code as per CVE-2014-9630
* Set urgency=high accordingly
Checksums-Sha1:
3ba10f05dd7f3289261ac85338d5af6aa2ec035b 4853 vlc_2.0.3-5+deb7u2.dsc
cf4dc7b22684b01222a7a2e14972fa5b9de14c7b 65013 vlc_2.0.3-5+deb7u2.debian.tar.gz
27d55de2c986d2caf287f0b2122447c50aff432a 59610 libvlc-dev_2.0.3-5+deb7u2_amd64.deb
dc3fde0367438dd89449d4745b91241ce07c5db8 39248 libvlc5_2.0.3-5+deb7u2_amd64.deb
a0ab20338a7a669d97f25e65871c775fd25e01e4 505462 libvlccore-dev_2.0.3-5+deb7u2_amd64.deb
61a809c6cf362d9e83d6d8f3d2e31975922c555a 357012 libvlccore5_2.0.3-5+deb7u2_amd64.deb
c07313774ee7a8e2a0c659a701f8ca7029a10ec7 1051662 vlc_2.0.3-5+deb7u2_amd64.deb
49b0a5fe43f59287e98abf82b789d73a7fba57d3 5120376 vlc-data_2.0.3-5+deb7u2_all.deb
6bc9837ea9cf51bdeb3339b3f455d1c2900551d4 13269808 vlc-dbg_2.0.3-5+deb7u2_amd64.deb
9425fd123a63bd1a450f2f1b1ef6e16050108f0d 2557258 vlc-nox_2.0.3-5+deb7u2_amd64.deb
6f110318bda90749f937607764203a302b93073f 5494 vlc-plugin-fluidsynth_2.0.3-5+deb7u2_amd64.deb
9bba3e9f5187919f6cdc755d6e9b43b9fecb8e05 10508 vlc-plugin-jack_2.0.3-5+deb7u2_amd64.deb
b4fb5462c9b51922611491d2f6a600a4bdc99a97 5618 vlc-plugin-notify_2.0.3-5+deb7u2_amd64.deb
ad2f0f6fe3ff1a9593fbcb89c2229a0a817da986 16784 vlc-plugin-pulse_2.0.3-5+deb7u2_amd64.deb
dbe381e362282ab9b7d9f21d8c2d5e7799c6ee53 8104 vlc-plugin-sdl_2.0.3-5+deb7u2_amd64.deb
298e25ecaca4607a40b121c7b46a6a6790d427c3 6318 vlc-plugin-svg_2.0.3-5+deb7u2_amd64.deb
28f058af8b20d3f1340aadecd1d607217b363a47 8042 vlc-plugin-zvbi_2.0.3-5+deb7u2_amd64.deb
Checksums-Sha256:
1121ff16c7fbc14a8e6373da17b0afc9e72688eb430e8f25907334626a8a7140 4853 vlc_2.0.3-5+deb7u2.dsc
ca0f806a7e1d9fb3c6547a9373f03322209c69722608d5d2c2e88fadac1744ab 65013 vlc_2.0.3-5+deb7u2.debian.tar.gz
b58228987642acdddd00888d5e4fe2e9c962081c6ed2966a9667d774d6e8fd16 59610 libvlc-dev_2.0.3-5+deb7u2_amd64.deb
da5cca6d7ed0cd67ab8fadcde91ddfafa5217a68f8638088a25183bdab11d698 39248 libvlc5_2.0.3-5+deb7u2_amd64.deb
59a14f262f73151e07169f1d3cd231d6f6e7a957cbd79f6d8bf73774f010932f 505462 libvlccore-dev_2.0.3-5+deb7u2_amd64.deb
c28f8b895a5d342522be9906acfee80ba9e795aab3c7ef8f00b65e190dc1c415 357012 libvlccore5_2.0.3-5+deb7u2_amd64.deb
3bd56e6e32fe544f9a573c9021400a766c2c4b2fc5b6710a0079300b3997f030 1051662 vlc_2.0.3-5+deb7u2_amd64.deb
679d2a64db56f5e41d5e66f54bad6de2b579e0c566216b2e79380da19556c12c 5120376 vlc-data_2.0.3-5+deb7u2_all.deb
e7fb13d69f7ae71607cfad9ae5660e41c1689387ebb51aec203048d41ece3175 13269808 vlc-dbg_2.0.3-5+deb7u2_amd64.deb
55b65ad895467ab78cb8320bb794221e0daed25a265eaac8ef1609099b2bc742 2557258 vlc-nox_2.0.3-5+deb7u2_amd64.deb
6c7a7bcaa5f72f974131b800386a298b47631f46ae62d1d90263018b94e4ce1d 5494 vlc-plugin-fluidsynth_2.0.3-5+deb7u2_amd64.deb
1f5c1b8491c25ea58de3fa732ddd694772506192fbace36d6ee81212d4516491 10508 vlc-plugin-jack_2.0.3-5+deb7u2_amd64.deb
6727fc897a3f8c7070e89697de46754e8802439e9e26e39ef3d146d712ecf9af 5618 vlc-plugin-notify_2.0.3-5+deb7u2_amd64.deb
c34c309ff61c30680976e9c255276995ec17b5cb0086da4f18f8eb061657bca4 16784 vlc-plugin-pulse_2.0.3-5+deb7u2_amd64.deb
3bdd895910a82a414c3e1d5f3b594216f4f5cd5ac8aa49501a20d79681ce61cc 8104 vlc-plugin-sdl_2.0.3-5+deb7u2_amd64.deb
9b7b4ecf4fdfd2ecd7621be57cba60dc90c4445cf44b71360853f97e3e2b4990 6318 vlc-plugin-svg_2.0.3-5+deb7u2_amd64.deb
7a76e86bc5ec17a5cd4dc695b2bcb10d4bcd588f8dee4d06ce777bbd077fac83 8042 vlc-plugin-zvbi_2.0.3-5+deb7u2_amd64.deb
Files:
1b452feb68579df37eecce6a09cc5923 4853 video optional vlc_2.0.3-5+deb7u2.dsc
c7d5dbd08c7fc1efa3434c54458ef277 65013 video optional vlc_2.0.3-5+deb7u2.debian.tar.gz
c7a9ef7536cdec01da96dd6d623a2cf7 59610 libdevel optional libvlc-dev_2.0.3-5+deb7u2_amd64.deb
701d64e575ea1c4b063682b7d506a492 39248 libs optional libvlc5_2.0.3-5+deb7u2_amd64.deb
2c683ecf7e8657bef297790e2d9bf7ca 505462 libdevel optional libvlccore-dev_2.0.3-5+deb7u2_amd64.deb
0caaf0791b360ef0147a0ac00544aad1 357012 libs optional libvlccore5_2.0.3-5+deb7u2_amd64.deb
148a85f65ff2a0ef3905bbac946bf91c 1051662 video optional vlc_2.0.3-5+deb7u2_amd64.deb
a25c0e7e5e9e789101351ab00285592a 5120376 video optional vlc-data_2.0.3-5+deb7u2_all.deb
b461a1b7fc7fc255323828ecc39452d8 13269808 debug extra vlc-dbg_2.0.3-5+deb7u2_amd64.deb
15a1893e7bfdcc9462e1fd115a40a7a5 2557258 video optional vlc-nox_2.0.3-5+deb7u2_amd64.deb
f3144a810f91007800900c411b1b834f 5494 video optional vlc-plugin-fluidsynth_2.0.3-5+deb7u2_amd64.deb
e87bae33231da142f02aa7219d4b4fed 10508 video optional vlc-plugin-jack_2.0.3-5+deb7u2_amd64.deb
ec1bd804081a43bb99eab17d1592f4fc 5618 video optional vlc-plugin-notify_2.0.3-5+deb7u2_amd64.deb
69ae7a071bd5b4eebacb823531b57485 16784 video optional vlc-plugin-pulse_2.0.3-5+deb7u2_amd64.deb
362e3fecb65f876036329735f5f3de40 8104 video optional vlc-plugin-sdl_2.0.3-5+deb7u2_amd64.deb
a991e4cfd83fb42c2a7a0074d608e7e5 6318 video optional vlc-plugin-svg_2.0.3-5+deb7u2_amd64.deb
e5f9f96d13e7f6bace7f228ba7949003 8042 video optional vlc-plugin-zvbi_2.0.3-5+deb7u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUzzkjAAoJEK+lG9bN5XPL2s8P/1FiiPqFOq+aUc2mG1R0srD/
K45TPhUbp1SSIN0IRkUaCTanTjl54FMZRnwl8CQsgw9YFuAr9jnjEmWA92plFWSv
HFSL7K8T1XIDhquL2jy+fI9KhPB8kYS+wuU3jxt2ND26AJ5Gew7506JTsx2rtvBc
rcaIj0gjI2rdqLCZhAXAjOjWjuNtlCvhSzLQeS84XP727TCzmtlB02ul9QHHDPXv
3IraITq2c18jeIse2wI9xIGg8yjtnzNEp0CPKFyNt7SidytEt0tgl2lb3BsfGy7h
GGmBIvxs6pJVLPA/ba9cRGBSXeCDhhi1GWI5/Ffiewg6l+jXBv+t58JQrBmcnh0+
XFrCB8SguPg+0WIiZ3CN1MvVsB5ON2+c1PxnhklY9Lo2zLdbdg9BQt7kRKx7vHoK
Gbw7DCtpeEjU1YI15TCl/lUkf59FA4jQcUUAOiiLls65JO9z8T7xn8S6lNXr7Ocj
2BGoWB1D+7K+AkizzuKINxS9nfUDf3APnZNQo5xazNyMxTE+8aC9J69tH6rBkJwM
4+thAzCosVn+gBh/a2F3pjRD8Gz5Anh6+J/b3SsPJsYnT1sEzBEtJE7MUxaG4lnP
C0D7YwmHf8VdNyK6ZjmG4gyIgJY54CIwjIv0aQ7xmr0KjswdhbGlREzTOqvHu5ER
HIQgtITFJ/XQ8IXOdb2K
=2UmH
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Fri, 06 Mar 2015 07:26:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:57:13 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.