vlc: multiple vulnerabilities

Debian Bug report logs - #775866
vlc: multiple vulnerabilities

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Yves-Alexis Perez <corsac@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: vlc: multiple vulnerabilities

Date: Tue, 20 Jan 2015 21:47:26 +0100

Source: vlc
Version: 2.1.5-1
Severity: grave
Tags: security
Justification: user security hole

Hi,

multiple vulnerabilities were reported against vlc 2.1.5. The complete
mail is at http://seclists.org/oss-sec/2015/q1/187 but at least the
following vulnerabilities are fixed in vlc master branch:

* Buffer overflow in updater:
  https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
* Buffer overflow in mp4 demuxer:
  https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
* Potential buffer overflow in Schroedinger Encoder
  https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
* Invalid memory access in rtp code:
  https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
* Null-pointer dereference in dmo codec:
  https://github.com/videolan/vlc/commit/229c385a79d48e41687fae8b4dfeaeef9c8c3eb7

And there are unfixed ones:

* The potential buffer overflow in the Dirac Encoder was not fixed as
  the Dirac encoder no longer exists in the master branch.
* The potential invalid writes in modules/services_discovery/sap.c and
  modules/access/ftp.c were not fixed as I did not provide a
  trigger. Note, that the code looks very similar to the confirmed bug
  in rtp_packetize_xiph_config, and so I leave it to you to decide
  whether you want to patch this.

CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so a
DSA might be needed.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Message #10 received at 775866@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Yves-Alexis Perez <corsac@debian.org>, 775866@bugs.debian.org

Subject: Re: Bug#775866: vlc: multiple vulnerabilities

Date: Tue, 20 Jan 2015 22:39:40 +0100

Hi!

On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so a
> DSA might be needed.

They were assigned now:
http://www.openwall.com/lists/oss-security/2015/01/20/11

Regards,
Salvatore

Message #15 received at 775866@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Yves-Alexis Perez <corsac@debian.org>

Cc: 775866@bugs.debian.org

Subject: Re: vlc: multiple vulnerabilities

Date: Wed, 21 Jan 2015 09:22:02 +0100

On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> Source: vlc
> Version: 2.1.5-1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> 
> multiple vulnerabilities were reported against vlc 2.1.5. The complete
> mail is at http://seclists.org/oss-sec/2015/q1/187 but at least the
> following vulnerabilities are fixed in vlc master branch:
> 
> * Buffer overflow in updater:
>   https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14

The Debian package builds with --no-update-check, so it's not affected
by that one.

Cheers,
        Moritz

Message #20 received at 775866@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: Yves-Alexis Perez <corsac@debian.org>, 775866@bugs.debian.org

Subject: Re: Bug#775866: vlc: multiple vulnerabilities

Date: Wed, 21 Jan 2015 09:58:25 +0100

[Message part 1 (text/plain, inline)]

On 2015-01-20 21:47:26, Yves-Alexis Perez wrote:
> And there are unfixed ones:
> 
> * The potential buffer overflow in the Dirac Encoder was not fixed as
>   the Dirac encoder no longer exists in the master branch.

Similarly, 2.2.0~rc2-1 no longer contains the Dirac encoder, so this
only affects wheezy.

Cheers
-- 
Sebastian Ramacher

[signature.asc (application/pgp-signature, inline)]

Message #25 received at 775866@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: Yves-Alexis Perez <corsac@debian.org>, 775866@bugs.debian.org

Subject: Re: Bug#775866: vlc: multiple vulnerabilities

Date: Wed, 21 Jan 2015 12:39:07 +0100

[Message part 1 (text/plain, inline)]

On 2015-01-20 21:47:26, Yves-Alexis Perez wrote:
> * Null-pointer dereference in dmo codec:
>   https://github.com/videolan/vlc/commit/229c385a79d48e41687fae8b4dfeaeef9c8c3eb7

No CVE was issued for this bug, so I'll omit that patch.

Cheers
-- 
Sebastian Ramacher

[signature.asc (application/pgp-signature, inline)]

Message #30 received at 775866-close@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: 775866-close@bugs.debian.org

Subject: Bug#775866: fixed in vlc 2.2.0~rc2-2

Date: Wed, 21 Jan 2015 22:18:56 +0000

Source: vlc
Source-Version: 2.2.0~rc2-2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 775866@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 21 Jan 2015 22:41:57 +0100
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore8 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi vlc-plugin-samba vlc-plugin-pulse
Architecture: source all
Version: 2.2.0~rc2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description:
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore8 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - transitional dummy package for vlc
 vlc-plugin-samba - Samba plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 775866
Changes:
 vlc (2.2.0~rc2-2) unstable; urgency=medium
 .
   * debian/patches: Apply upstream patches for security vulnerabilities.
     (Closes: #775866)
     - codec-schroedinger-fix-potential-buffer-overflow.patch: fix potential
       buffer overflow. (CVE-2014-9629)
     - demux-mp4-fix-buffer-overflow-in-parsing-of-string-b.patch: fix buffer
       overflow in parsing of string boxes. (CVE-2014-9626, CVE-2014-9627,
       CVE-2014-9628)
     - stream_out-rtp-don-t-use-VLA-for-user-controlled-dat.patch: don't use
       VLA for user controlled data. (CVE-2014-9630)
Checksums-Sha1:
 5f7324842882ae36aa18c5a6a074245c1ab3043b 5410 vlc_2.2.0~rc2-2.dsc
 d124ad416dcc8171ea38d716250db58a1af0ec9b 59516 vlc_2.2.0~rc2-2.debian.tar.xz
 e91b8b7b64654651365887c0e63de3dc6fac9d77 5410426 vlc-data_2.2.0~rc2-2_all.deb
 91d689787b1b481e0082e61c85929fa9c8ba7060 916 vlc-plugin-pulse_2.2.0~rc2-2_all.deb
Checksums-Sha256:
 cd9a53d57402a7888072ce589e89db0f2794d8691857aabac1a1edab7742b642 5410 vlc_2.2.0~rc2-2.dsc
 202082c88e4a4b81b11eb7fe2c0a04f638c7fa08bee2d824711659313c8dc178 59516 vlc_2.2.0~rc2-2.debian.tar.xz
 204640e68a44ded134311836dda6de2b64e1a17291a50c97c462822435fd5236 5410426 vlc-data_2.2.0~rc2-2_all.deb
 baca59d500f8cb32a6a0ab61a3557d431fbbfe32bfe4e9faf0fb00a85bb9f6d8 916 vlc-plugin-pulse_2.2.0~rc2-2_all.deb
Files:
 a674accfdebaee47310ca3a4cddc749c 5410 video optional vlc_2.2.0~rc2-2.dsc
 3957db5553a882d682d8367d1e577828 59516 video optional vlc_2.2.0~rc2-2.debian.tar.xz
 966c48aa910015cb6040800d647308cb 5410426 video optional vlc-data_2.2.0~rc2-2_all.deb
 07af522a72f1b206a4911e1e64d30ec8 916 video optional vlc-plugin-pulse_2.2.0~rc2-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUwCNLAAoJEGny/FFupxmT+GsQAMFKca1mA2K/0gayORhxWWcl
DxBEfWcHKz12nYpQRse7ZsmjwPqOo9NJRdn5o2/ZR3Vn6Fqza4xraKBr5v6szz/s
S77X03nBAs1PQat20Vt7OWXOlzbtenPWDoezpEOtCQXt0H6jlyk8DJ4q0aMGNMnw
Pkobf9eszJR7IhK/TERev14CMk7dB8I1mHSQeJJdrwKsiwBR+vfeoBLR+/i9N4ol
LazQbX/S1+pFC6uARxVGzeNmaTy8kVaB8ceWkfTqg7NJA374+nKrfDevKgJVNV25
EtNUBY0A0kEP0IP38dGU7IUEVGKqlxLCG7TywsTw+LU7JLlle5DXLz+2LUAeqaP8
QcCGY3e37eBYGdDFvjSSsI7uqbW7Tk+52XPwai+86kWIcTWt15+a3FF44dQOoOwW
29sJQbl4tw6cALAOJmAaSupANpzq8SMlkfygGG3zleknYdYCRvQG+hVIARQ0p8Ge
8n46y7kn9oLhQcMMwQbdkw2U2PdHu9QhOxTKtFo+XFSNdy9CIlR/APbKg24ZRwb8
CIK3rI4P5FPIdu/fayFYIY42NPIbS9HSahaOH1wAyzI7RiKoMS+1FvcKYHigT55D
1NAwQSXYTHjGCbUsOZ5yMdw4BN266c+26LU+aR/o3SqutmACi1ltqDZTCHEEBi63
TSNgex1fnwbbq5QOTj/t
=o18o
-----END PGP SIGNATURE-----

Message #35 received at 775866@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: sramacher@debian.org

Cc: 775866@bugs.debian.org, corsac@debian.org

Subject: Re: vlc: multiple vulnerabilities

Date: Mon, 26 Jan 2015 13:49:26 +0100

On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> * The potential invalid writes in modules/services_discovery/sap.c and
>   modules/access/ftp.c were not fixed as I did not provide a
>   trigger. Note, that the code looks very similar to the confirmed bug
>   in rtp_packetize_xiph_config, and so I leave it to you to decide
>   whether you want to patch this.

These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact
upstream for the status of an upstream fix?

Cheers,
        Moritz

Message #40 received at 775866@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: Moritz Mühlenhoff <jmm@inutil.org>

Cc: 775866@bugs.debian.org, corsac@debian.org

Subject: Re: vlc: multiple vulnerabilities

Date: Mon, 26 Jan 2015 17:33:30 +0100

[Message part 1 (text/plain, inline)]

On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote:
> On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> > * The potential invalid writes in modules/services_discovery/sap.c and
> >   modules/access/ftp.c were not fixed as I did not provide a
> >   trigger. Note, that the code looks very similar to the confirmed bug
> >   in rtp_packetize_xiph_config, and so I leave it to you to decide
> >   whether you want to patch this.
> 
> These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact
> upstream for the status of an upstream fix?

Just because they look similar, does not make them a vulnerability. The
format string for ftp_SendCommand is not attacker controlled. The reporter
still has not answered questions about how the invalid write in
modules/access/ftp.c could be triggered [1]. Similarly, the issue in
modules/services_discovery/sap.c lacks a trigger. The rather disturbing
thread can be found at [2].

Cheers

[1] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100674.html
[2] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100675.html
-- 
Sebastian Ramacher

[signature.asc (application/pgp-signature, inline)]

Message #45 received at 775866@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>

To: Sebastian Ramacher <sramacher@debian.org>, cve-assign@mitre.org

Cc: Moritz Mühlenhoff <jmm@inutil.org>, 775866@bugs.debian.org, corsac@debian.org

Subject: Re: vlc: multiple vulnerabilities

Date: Mon, 26 Jan 2015 18:09:54 +0100

On Mon, Jan 26, 2015 at 05:33:30PM +0100, Sebastian Ramacher wrote:
> On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote:
> > On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> > > * The potential invalid writes in modules/services_discovery/sap.c and
> > >   modules/access/ftp.c were not fixed as I did not provide a
> > >   trigger. Note, that the code looks very similar to the confirmed bug
> > >   in rtp_packetize_xiph_config, and so I leave it to you to decide
> > >   whether you want to patch this.
> > 
> > These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact
> > upstream for the status of an upstream fix?
> 
> Just because they look similar, does not make them a vulnerability. The
> format string for ftp_SendCommand is not attacker controlled. The reporter
> still has not answered questions about how the invalid write in
> modules/access/ftp.c could be triggered [1]. Similarly, the issue in
> modules/services_discovery/sap.c lacks a trigger. The rather disturbing
> thread can be found at [2].
>
> [1] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100674.html
> [2] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100675.html

Given upstream's response we'll mark these as non-issues in the Debian security
tracker, then.

I'm adding MITRE to CC; CVE-2015-1202 and CVE-2015-1203 are disputed by
upstream, please consider to mark them as rejected.

Cheers,
        Moritz

Message #50 received at 775866-close@bugs.debian.org (full text, mbox, reply):

From: Alessandro Ghedini <ghedo@debian.org>

To: 775866-close@bugs.debian.org

Subject: Bug#775866: fixed in vlc 2.0.3-5+deb7u2

Date: Thu, 05 Feb 2015 19:33:01 +0000

Source: vlc
Source-Version: 2.0.3-5+deb7u2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 775866@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <ghedo@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 01 Feb 2015 11:53:45 +0100
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore5 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi
Architecture: source amd64 all
Version: 2.0.3-5+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description: 
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore5 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 775866
Changes: 
 vlc (2.0.3-5+deb7u2) wheezy-security; urgency=high
 .
   * Fix multiple vulnerabilities (Closes: #775866):
     - Fix potential buffer overflow in the Dirac and Schroedinger encoders
       as per CVE-2014-9629
     - Fix buffer overflow when parsing string boxes in the MP4 demuxer
       as per CVE-2014-9626, CVE-2014-9627, CVE-2014-9628
     - Fix possible invalid memory access in the RTP code as per CVE-2014-9630
   * Set urgency=high accordingly
Checksums-Sha1: 
 3ba10f05dd7f3289261ac85338d5af6aa2ec035b 4853 vlc_2.0.3-5+deb7u2.dsc
 cf4dc7b22684b01222a7a2e14972fa5b9de14c7b 65013 vlc_2.0.3-5+deb7u2.debian.tar.gz
 27d55de2c986d2caf287f0b2122447c50aff432a 59610 libvlc-dev_2.0.3-5+deb7u2_amd64.deb
 dc3fde0367438dd89449d4745b91241ce07c5db8 39248 libvlc5_2.0.3-5+deb7u2_amd64.deb
 a0ab20338a7a669d97f25e65871c775fd25e01e4 505462 libvlccore-dev_2.0.3-5+deb7u2_amd64.deb
 61a809c6cf362d9e83d6d8f3d2e31975922c555a 357012 libvlccore5_2.0.3-5+deb7u2_amd64.deb
 c07313774ee7a8e2a0c659a701f8ca7029a10ec7 1051662 vlc_2.0.3-5+deb7u2_amd64.deb
 49b0a5fe43f59287e98abf82b789d73a7fba57d3 5120376 vlc-data_2.0.3-5+deb7u2_all.deb
 6bc9837ea9cf51bdeb3339b3f455d1c2900551d4 13269808 vlc-dbg_2.0.3-5+deb7u2_amd64.deb
 9425fd123a63bd1a450f2f1b1ef6e16050108f0d 2557258 vlc-nox_2.0.3-5+deb7u2_amd64.deb
 6f110318bda90749f937607764203a302b93073f 5494 vlc-plugin-fluidsynth_2.0.3-5+deb7u2_amd64.deb
 9bba3e9f5187919f6cdc755d6e9b43b9fecb8e05 10508 vlc-plugin-jack_2.0.3-5+deb7u2_amd64.deb
 b4fb5462c9b51922611491d2f6a600a4bdc99a97 5618 vlc-plugin-notify_2.0.3-5+deb7u2_amd64.deb
 ad2f0f6fe3ff1a9593fbcb89c2229a0a817da986 16784 vlc-plugin-pulse_2.0.3-5+deb7u2_amd64.deb
 dbe381e362282ab9b7d9f21d8c2d5e7799c6ee53 8104 vlc-plugin-sdl_2.0.3-5+deb7u2_amd64.deb
 298e25ecaca4607a40b121c7b46a6a6790d427c3 6318 vlc-plugin-svg_2.0.3-5+deb7u2_amd64.deb
 28f058af8b20d3f1340aadecd1d607217b363a47 8042 vlc-plugin-zvbi_2.0.3-5+deb7u2_amd64.deb
Checksums-Sha256: 
 1121ff16c7fbc14a8e6373da17b0afc9e72688eb430e8f25907334626a8a7140 4853 vlc_2.0.3-5+deb7u2.dsc
 ca0f806a7e1d9fb3c6547a9373f03322209c69722608d5d2c2e88fadac1744ab 65013 vlc_2.0.3-5+deb7u2.debian.tar.gz
 b58228987642acdddd00888d5e4fe2e9c962081c6ed2966a9667d774d6e8fd16 59610 libvlc-dev_2.0.3-5+deb7u2_amd64.deb
 da5cca6d7ed0cd67ab8fadcde91ddfafa5217a68f8638088a25183bdab11d698 39248 libvlc5_2.0.3-5+deb7u2_amd64.deb
 59a14f262f73151e07169f1d3cd231d6f6e7a957cbd79f6d8bf73774f010932f 505462 libvlccore-dev_2.0.3-5+deb7u2_amd64.deb
 c28f8b895a5d342522be9906acfee80ba9e795aab3c7ef8f00b65e190dc1c415 357012 libvlccore5_2.0.3-5+deb7u2_amd64.deb
 3bd56e6e32fe544f9a573c9021400a766c2c4b2fc5b6710a0079300b3997f030 1051662 vlc_2.0.3-5+deb7u2_amd64.deb
 679d2a64db56f5e41d5e66f54bad6de2b579e0c566216b2e79380da19556c12c 5120376 vlc-data_2.0.3-5+deb7u2_all.deb
 e7fb13d69f7ae71607cfad9ae5660e41c1689387ebb51aec203048d41ece3175 13269808 vlc-dbg_2.0.3-5+deb7u2_amd64.deb
 55b65ad895467ab78cb8320bb794221e0daed25a265eaac8ef1609099b2bc742 2557258 vlc-nox_2.0.3-5+deb7u2_amd64.deb
 6c7a7bcaa5f72f974131b800386a298b47631f46ae62d1d90263018b94e4ce1d 5494 vlc-plugin-fluidsynth_2.0.3-5+deb7u2_amd64.deb
 1f5c1b8491c25ea58de3fa732ddd694772506192fbace36d6ee81212d4516491 10508 vlc-plugin-jack_2.0.3-5+deb7u2_amd64.deb
 6727fc897a3f8c7070e89697de46754e8802439e9e26e39ef3d146d712ecf9af 5618 vlc-plugin-notify_2.0.3-5+deb7u2_amd64.deb
 c34c309ff61c30680976e9c255276995ec17b5cb0086da4f18f8eb061657bca4 16784 vlc-plugin-pulse_2.0.3-5+deb7u2_amd64.deb
 3bdd895910a82a414c3e1d5f3b594216f4f5cd5ac8aa49501a20d79681ce61cc 8104 vlc-plugin-sdl_2.0.3-5+deb7u2_amd64.deb
 9b7b4ecf4fdfd2ecd7621be57cba60dc90c4445cf44b71360853f97e3e2b4990 6318 vlc-plugin-svg_2.0.3-5+deb7u2_amd64.deb
 7a76e86bc5ec17a5cd4dc695b2bcb10d4bcd588f8dee4d06ce777bbd077fac83 8042 vlc-plugin-zvbi_2.0.3-5+deb7u2_amd64.deb
Files: 
 1b452feb68579df37eecce6a09cc5923 4853 video optional vlc_2.0.3-5+deb7u2.dsc
 c7d5dbd08c7fc1efa3434c54458ef277 65013 video optional vlc_2.0.3-5+deb7u2.debian.tar.gz
 c7a9ef7536cdec01da96dd6d623a2cf7 59610 libdevel optional libvlc-dev_2.0.3-5+deb7u2_amd64.deb
 701d64e575ea1c4b063682b7d506a492 39248 libs optional libvlc5_2.0.3-5+deb7u2_amd64.deb
 2c683ecf7e8657bef297790e2d9bf7ca 505462 libdevel optional libvlccore-dev_2.0.3-5+deb7u2_amd64.deb
 0caaf0791b360ef0147a0ac00544aad1 357012 libs optional libvlccore5_2.0.3-5+deb7u2_amd64.deb
 148a85f65ff2a0ef3905bbac946bf91c 1051662 video optional vlc_2.0.3-5+deb7u2_amd64.deb
 a25c0e7e5e9e789101351ab00285592a 5120376 video optional vlc-data_2.0.3-5+deb7u2_all.deb
 b461a1b7fc7fc255323828ecc39452d8 13269808 debug extra vlc-dbg_2.0.3-5+deb7u2_amd64.deb
 15a1893e7bfdcc9462e1fd115a40a7a5 2557258 video optional vlc-nox_2.0.3-5+deb7u2_amd64.deb
 f3144a810f91007800900c411b1b834f 5494 video optional vlc-plugin-fluidsynth_2.0.3-5+deb7u2_amd64.deb
 e87bae33231da142f02aa7219d4b4fed 10508 video optional vlc-plugin-jack_2.0.3-5+deb7u2_amd64.deb
 ec1bd804081a43bb99eab17d1592f4fc 5618 video optional vlc-plugin-notify_2.0.3-5+deb7u2_amd64.deb
 69ae7a071bd5b4eebacb823531b57485 16784 video optional vlc-plugin-pulse_2.0.3-5+deb7u2_amd64.deb
 362e3fecb65f876036329735f5f3de40 8104 video optional vlc-plugin-sdl_2.0.3-5+deb7u2_amd64.deb
 a991e4cfd83fb42c2a7a0074d608e7e5 6318 video optional vlc-plugin-svg_2.0.3-5+deb7u2_amd64.deb
 e5f9f96d13e7f6bace7f228ba7949003 8042 video optional vlc-plugin-zvbi_2.0.3-5+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUzzkjAAoJEK+lG9bN5XPL2s8P/1FiiPqFOq+aUc2mG1R0srD/
K45TPhUbp1SSIN0IRkUaCTanTjl54FMZRnwl8CQsgw9YFuAr9jnjEmWA92plFWSv
HFSL7K8T1XIDhquL2jy+fI9KhPB8kYS+wuU3jxt2ND26AJ5Gew7506JTsx2rtvBc
rcaIj0gjI2rdqLCZhAXAjOjWjuNtlCvhSzLQeS84XP727TCzmtlB02ul9QHHDPXv
3IraITq2c18jeIse2wI9xIGg8yjtnzNEp0CPKFyNt7SidytEt0tgl2lb3BsfGy7h
GGmBIvxs6pJVLPA/ba9cRGBSXeCDhhi1GWI5/Ffiewg6l+jXBv+t58JQrBmcnh0+
XFrCB8SguPg+0WIiZ3CN1MvVsB5ON2+c1PxnhklY9Lo2zLdbdg9BQt7kRKx7vHoK
Gbw7DCtpeEjU1YI15TCl/lUkf59FA4jQcUUAOiiLls65JO9z8T7xn8S6lNXr7Ocj
2BGoWB1D+7K+AkizzuKINxS9nfUDf3APnZNQo5xazNyMxTE+8aC9J69tH6rBkJwM
4+thAzCosVn+gBh/a2F3pjRD8Gz5Anh6+J/b3SsPJsYnT1sEzBEtJE7MUxaG4lnP
C0D7YwmHf8VdNyK6ZjmG4gyIgJY54CIwjIv0aQ7xmr0KjswdhbGlREzTOqvHu5ER
HIQgtITFJ/XQ8IXOdb2K
=2UmH
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.