vlc: CVE-2016-5108

Debian Bug report logs - #825728
vlc: CVE-2016-5108

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: vlc: CVE-2016-5108

Date: Sun, 29 May 2016 12:02:57 +0200

Source: vlc
Version: 2.2.3-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for vlc.

CVE-2016-5108[0]:
crash and potential code execution when processing QuickTime IMA files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5108
[1] http://www.openwall.com/lists/oss-security/2016/05/27/3
[2] https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Message #14 received at 825728-submitter@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: 825728-submitter@bugs.debian.org

Subject: Bug#825728 marked as pending

Date: Sun, 29 May 2016 11:20:03 +0000

tag 825728 pending
thanks

Hello,

Bug #825728 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-multimedia/vlc.git;a=commitdiff;h=8e71369

---
commit 8e71369ef21fe99dbd7180c56281703c4b941a2e
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sun May 29 12:54:08 2016 +0200

    Finalize changelog

diff --git a/debian/changelog b/debian/changelog
index 42a701c..7b60779 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+vlc (2.2.3-2) unstable; urgency=medium
+
+  * debian/patches:
+    - g711-fix-dangling-pointer-fixes-16909.patch: Upstream patch to fix issue
+      with some WAV files.
+    - adpcm-reject-invalid-QuickTime-IMA-files.patch: Apply upstream patch for
+      CVE-2016-5108. (Closes: #825728)
+
+ -- Sebastian Ramacher <sramacher@debian.org>  Sun, 29 May 2016 12:53:09 +0200
+
 vlc (2.2.3-1) unstable; urgency=medium
 
   [ Mateusz Łukasik ]

Message #19 received at 825728-close@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: 825728-close@bugs.debian.org

Subject: Bug#825728: fixed in vlc 2.2.3-2

Date: Sun, 29 May 2016 11:28:03 +0000

Source: vlc
Source-Version: 2.2.3-2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825728@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 29 May 2016 13:09:00 +0200
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore8 vlc vlc-data vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi vlc-plugin-samba
Architecture: source
Version: 2.2.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description:
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore8 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-samba - Samba plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 825728
Changes:
 vlc (2.2.3-2) unstable; urgency=medium
 .
   * debian/patches:
     - g711-fix-dangling-pointer-fixes-16909.patch: Upstream patch to fix issue
       with some WAV files.
     - adpcm-reject-invalid-QuickTime-IMA-files.patch: Apply upstream patch for
       CVE-2016-5108. (Closes: #825728)
   * debian/rules: Reduce libX11 and libxcb linkage to a warning. Moving the
     ffmpeg and libtheora plugins to vlc does not make much sense.
Checksums-Sha1:
 fa137aadb5ed4f19ba000d48b935f314874660c6 5950 vlc_2.2.3-2.dsc
 0a416804aa8cca9ad52a79a887992b45aa71d4d8 73620 vlc_2.2.3-2.debian.tar.xz
Checksums-Sha256:
 841110ef9e39b1617f141f2a77b47ecec8ad40d072a21398242e60f3cb91a388 5950 vlc_2.2.3-2.dsc
 1c0afa6f45be747001ee9ddc17fa4586c3553533deb1d25b6ecc7af4763ace94 73620 vlc_2.2.3-2.debian.tar.xz
Files:
 228275e287fefefab75bc7aa6cdcabbf 5950 video optional vlc_2.2.3-2.dsc
 c82a410f38abc4c000a40b56f1812d04 73620 video optional vlc_2.2.3-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXSs//AAoJEGny/FFupxmTDCUP/30z3TQ42cqUhiu4hcpGismL
LoayzW/MsUEUkitqvfoMmGrFNYnUrcitU0PQdwfKHo4IZf94GYw85bnfkdytwz6u
vzfRgUxNS4dYMejjbCJ06cgu6zLSbW/RVzNAt+xhbPcWWOXILMrr+WEYjvB3HGs+
TCQInkJQfV/5BIJgfLjVxiqSUy71eIOrJlluQRSn8QJETHSY/Ih7BqoEzj+Jsf5V
52fS0u1IKTRs37th4Ly3ogJIBscByClsbFJ5bl6KfRUn61OPIhYbBGCUZ+HfTx3H
IY45mRNH6E0anyVraVE9hjZ8ncpphMm6TRucdUzRBzl7DhXMEnegZf03nIodrLrb
c6jmBwi3ERneoHYLfSdSq1mie90Ws9A21S8ePQMBQRWJIriY+XStSz7vRdX2TkzF
eIi1Uf1cHObyfcGZ2LMA0qom/KVdCXrUxHAAKMOha3sf4C8lJ9O9SV0eyGFYVOLr
LEaBEjk6TwF6k+y6zopq3jFT3r6CuIg0IACz+WX6jxBpkvurDlr5XNcaQT0KyaRj
CYBsZoWxaWHmIw23BhR9WipxIrhJBvCI6XJup1zdblCrVp9NXr3/ADEF6aXF7U1Y
dS1KeaF8wUfsv1FuegzBIokGR+gMsEGDekSj2F5yZ2jq6Wkpb6m8pEL80JxSLx8B
Zrqfgw2QfYf88TQsU4Td
=B2rU
-----END PGP SIGNATURE-----

Message #24 received at 825728-submitter@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: 825728-submitter@bugs.debian.org

Subject: Bug#825728 marked as pending

Date: Sun, 29 May 2016 12:38:15 +0000

tag 825728 pending
thanks

Hello,

Bug #825728 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-multimedia/vlc.git;a=commitdiff;h=6e000b0

---
commit 6e000b031fab9ed259bb8cee94d23a696f420dfc
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sun May 29 14:37:52 2016 +0200

    Update changelog

diff --git a/debian/changelog b/debian/changelog
index faed4d8..177f513 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,12 +25,15 @@ vlc (2.2.3-1~deb8u1) jessie; urgency=medium
     - vout: Fix use-after-free.
     - realrtsp: Fix off-by-one and various crashes.
     - Fix various memory leaks.
-  * debian/patches/CVE-2015-5949.patch: Removed, included upstream.
+  * debian/patches
+    - CVE-2015-5949.patch: Removed, included upstream.
+    - adpcm-reject-invalid-QuickTime-IMA-files.patch: Apply upstream patch for
+      CVE-2016-5108. (Closes: #825728)
   * debian/copyright: Update copyright years.
   * debian/libvlc5.symbols: Bump version of libvlc_event_type_name for new
     event names.
 
- -- Sebastian Ramacher <sramacher@debian.org>  Thu, 26 May 2016 14:37:52 +0200
+ -- Sebastian Ramacher <sramacher@debian.org>  Sun, 29 May 2016 14:37:21 +0200
 
 vlc (2.2.1-1~deb8u1) jessie; urgency=medium
 

Message #27 received at 825728-submitter@bugs.debian.org (full text, mbox, reply):

From: Mateusz Łukasik <mati75@linuxmint.pl>

To: 825728-submitter@bugs.debian.org

Subject: Bug#825728 marked as pending

Date: Thu, 02 Jun 2016 20:33:32 +0000

tag 825728 pending
thanks

Hello,

Bug #825728 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-multimedia/vlc.git;a=commitdiff;h=db56071

---
commit db56071a7b0e1d518ff55e0378a1ba50bbe33b2b
Author: Mateusz Łukasik <mati75@linuxmint.pl>
Date:   Thu Jun 2 22:34:36 2016 +0200

    Fix CVE-2016-5108. (Closes: #825728)

diff --git a/debian/changelog b/debian/changelog
index 89e9d73..bd73256 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vlc (2.0.3-5+deb7u3) wheezy-security; urgency=high
+
+  * Fix CVE-2016-5108. (Closes: #825728)
+
+ -- Mateusz Łukasik <mati75@linuxmint.pl>  Thu, 02 Jun 2016 21:40:24 +0200
+
 vlc (2.0.3-5+deb7u2) wheezy-security; urgency=high
 
   * Fix multiple vulnerabilities (Closes: #775866):

Message #30 received at 825728-submitter@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: 825728-submitter@bugs.debian.org

Subject: Bug#825728 marked as pending

Date: Thu, 02 Jun 2016 20:38:56 +0000

tag 825728 pending
thanks

Hello,

Bug #825728 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-multimedia/vlc.git;a=commitdiff;h=a239c43

---
commit a239c4346b0cf4db8172f2249e3ca50452587977
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Thu Jun 2 22:38:51 2016 +0200

    Update changelog

diff --git a/debian/changelog b/debian/changelog
index a2419cc..e954763 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 vlc (2.2.4-1~deb8u1) jessie-security; urgency=medium
 
   * New upstream release.
+    - quicktime: Reject invalid IMA files (CVE-2016-5108). (Closes: #825728)
     - pulse: Compute latency correctly if negative, fixing missing audio on
       high network latency. (Closes: #784640)
     - alsa: Fix audio device selection. (Closes: #801448)
@@ -25,6 +26,7 @@ vlc (2.2.4-1~deb8u1) jessie-security; urgency=medium
     - vout: Fix use-after-free.
     - realrtsp: Fix off-by-one and various crashes.
     - Fix various memory leaks.
+    - Fix links to French TV icons. (Closes: #782229)
   * debian/patches/CVE-2015-5949.patch: Removed, included upstream.
   * debian/copyright: Update copyright years.
   * debian/libvlc5.symbols: Bump version of libvlc_event_type_name for new

Message #35 received at 825728-close@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>

To: 825728-close@bugs.debian.org

Subject: Bug#825728: fixed in vlc 2.2.4-1~deb8u1

Date: Mon, 13 Jun 2016 22:17:26 +0000

Source: vlc
Source-Version: 2.2.4-1~deb8u1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825728@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 05 Jun 2016 17:39:38 +0200
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore8 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi vlc-plugin-samba vlc-plugin-pulse
Architecture: source amd64 all
Version: 2.2.4-1~deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description:
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore8 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - transitional dummy package for vlc
 vlc-plugin-samba - Samba plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 782229 784640 801448 825728
Changes:
 vlc (2.2.4-1~deb8u1) jessie-security; urgency=medium
 .
   * New upstream release.
     - quicktime: Reject invalid IMA files (CVE-2016-5108). (Closes: #825728)
     - pulse: Compute latency correctly if negative, fixing missing audio on
       high network latency. (Closes: #784640)
     - alsa: Fix audio device selection. (Closes: #801448)
     - hls: Fix hang on stop, crashes and stack overflow.
     - mkv: Fix infinite loop.
     - vpx: Fix crash.
     - mxf: Fix crash on stop.
     - adpcm: Fix double-free.
     - zvbi: Fix crash.
     - skins2: Fix crash on malformed skin bitmaps.
     - swscale: Fix crashes in swscale resizing.
     - mp4: Fix divide-by-zero crash in mux.
     - rtsp: Fix off-by-one buffer overflow.
     - mms: Fix segmentation fault on large allocation, fix overflows.
     - lua: Fix use-after-free.
     - httplive: Fix stack overflow.
     - avformat: Fix heap overflow, NULL dereference and double-free.
     - avcodec: Fix invalid free.
     - sdp: Fix read overflow.
     - vcd: Fix double-free.
     - aout: Fix use-after-free.
     - vout: Fix use-after-free.
     - realrtsp: Fix off-by-one and various crashes.
     - Fix various memory leaks.
     - Fix links to French TV icons. (Closes: #782229)
   * debian/patches/CVE-2015-5949.patch: Removed, included upstream.
   * debian/copyright: Update copyright years.
   * debian/libvlc5.symbols: Bump version of libvlc_event_type_name for new
     event names.
Checksums-Sha1:
 c2a81d5d348d669f13e932aa5a3e6918d327cc46 5410 vlc_2.2.4-1~deb8u1.dsc
 ec171b0ad731d9d114540cd7b7fcb41fc3293696 22199316 vlc_2.2.4.orig.tar.xz
 c1e6fc378de4a1a1c94a1f7151b793db372143b4 58632 vlc_2.2.4-1~deb8u1.debian.tar.xz
 2486365752fdb43c444fd5def34df88b9565dc9b 26644 libvlc-dev_2.2.4-1~deb8u1_amd64.deb
 2af205752e0ea50ff1c417c4dce0c7332499c61d 47300 libvlc5_2.2.4-1~deb8u1_amd64.deb
 8669be164371ad110f8e8dc2d3509430fad96e85 117672 libvlccore-dev_2.2.4-1~deb8u1_amd64.deb
 9ab04d9c8201c9184994dfc2ba170189642ddd85 391538 libvlccore8_2.2.4-1~deb8u1_amd64.deb
 102b6c511b324760521202791206a9a977c4df3d 1501062 vlc_2.2.4-1~deb8u1_amd64.deb
 d70a3bf2ae1084c0e2bd026dfd2f17840467ffd2 5991856 vlc-data_2.2.4-1~deb8u1_all.deb
 0c7279a150a26913d8b27f8e0609b8f0eee05bd0 24359486 vlc-dbg_2.2.4-1~deb8u1_amd64.deb
 010e66330cf606a7ca4533a501120d5ce3e4e87f 2530574 vlc-nox_2.2.4-1~deb8u1_amd64.deb
 4f48c248dd641c7588433779e50aab36afccde7c 5652 vlc-plugin-fluidsynth_2.2.4-1~deb8u1_amd64.deb
 3f1f7c4a2d225282a70e85a409a48f2e6ee6e90e 10928 vlc-plugin-jack_2.2.4-1~deb8u1_amd64.deb
 9a79dd984d72fc96e4301533bd4375c310887b7f 5406 vlc-plugin-notify_2.2.4-1~deb8u1_amd64.deb
 3c313c1dc8a8c74fa4661f35c270eeb6939035eb 8076 vlc-plugin-sdl_2.2.4-1~deb8u1_amd64.deb
 30db842f64f1fde84d5386a244da613742141df6 5988 vlc-plugin-svg_2.2.4-1~deb8u1_amd64.deb
 ad38c05421d2263761d5e55f3b9f4933ff81ae70 11090 vlc-plugin-zvbi_2.2.4-1~deb8u1_amd64.deb
 d3c8caf201f2840e69d286bb54d4d486b350d786 4914 vlc-plugin-samba_2.2.4-1~deb8u1_amd64.deb
 f68009b1d049c8a9279bda1500e16e2c61a3619c 918 vlc-plugin-pulse_2.2.4-1~deb8u1_all.deb
Checksums-Sha256:
 68b37d784776558d7922e624c70ce56bd018474b07fd43bf623b6a0c0410a431 5410 vlc_2.2.4-1~deb8u1.dsc
 1632e91d2a0087e0ef4c3fb4c95c3c2890f7715a9d1d43ffd46329f428cf53be 22199316 vlc_2.2.4.orig.tar.xz
 154406a165cc67dc6a309eaf427d9708d3da3e45610ff587026b6d8d22d40ed3 58632 vlc_2.2.4-1~deb8u1.debian.tar.xz
 0cd530cb3adb66bae0eda9690fb3441740768f8d007dd4d4b0e45af7284f3ddc 26644 libvlc-dev_2.2.4-1~deb8u1_amd64.deb
 d4415c1e7d600bb45c3f9f42844a3f528ebfac8b0af06d0f646c3d39476d5c60 47300 libvlc5_2.2.4-1~deb8u1_amd64.deb
 d793b7bbf2fbcefd8f6dead75589cd1ae9cdd1153961071fa08056105bdd7e80 117672 libvlccore-dev_2.2.4-1~deb8u1_amd64.deb
 73cdda1f551662662d2b1fc65ecfae53007b0da0663ceabad70fce64c49f3f1c 391538 libvlccore8_2.2.4-1~deb8u1_amd64.deb
 8cfed56989b30bb65dcbe758eaa58b5f4d5b546e38a2068e042b526f1220541d 1501062 vlc_2.2.4-1~deb8u1_amd64.deb
 ea1f614cf4fa80e722db8b2272dd50bfd3759db66fde33058d1b58a0d247240d 5991856 vlc-data_2.2.4-1~deb8u1_all.deb
 57b7f3d10b83a23e7bb46064a4205fb6e8bbedc0d557421a7fd1972521da68db 24359486 vlc-dbg_2.2.4-1~deb8u1_amd64.deb
 56b0a9a2e3009515f1654a7fc960e528cbb78c054260c12addbd613fd13b9af9 2530574 vlc-nox_2.2.4-1~deb8u1_amd64.deb
 80321147e3a93bf545d9a609f430b98b080269ddf29f8349224a85eba7433d76 5652 vlc-plugin-fluidsynth_2.2.4-1~deb8u1_amd64.deb
 910e5e09a0b2d620485ae58e70d86e76f3d94e366c3a2bbb7ba9548e41de9f4c 10928 vlc-plugin-jack_2.2.4-1~deb8u1_amd64.deb
 c9898dc5568e802d06d85bfd7ede4736339d8397b15dead71718bcee41f8777b 5406 vlc-plugin-notify_2.2.4-1~deb8u1_amd64.deb
 831a012feb3390609adf556f13cd78d75d8e71763bb4d9243dedd44d0cd4df22 8076 vlc-plugin-sdl_2.2.4-1~deb8u1_amd64.deb
 37eb8608930c0b0ed14f3dae0eace7b462418af755100ca0f852f1d7a67391f6 5988 vlc-plugin-svg_2.2.4-1~deb8u1_amd64.deb
 38f1944479c56b60e87a760983a9116b6fef583dee238cd4bede45ccc06a4a63 11090 vlc-plugin-zvbi_2.2.4-1~deb8u1_amd64.deb
 b5ee8e6ce45bdfbc32f329ee046b66e3a781f596884f87452ab6c0664eeadfd3 4914 vlc-plugin-samba_2.2.4-1~deb8u1_amd64.deb
 62615edf2cd299a2bd689a30466a73ac33275658ff546848af56797b5c57e6f9 918 vlc-plugin-pulse_2.2.4-1~deb8u1_all.deb
Files:
 3d4b9dd278afbe31d9e62cb8993b0f5b 5410 video optional vlc_2.2.4-1~deb8u1.dsc
 55666c9898f658c7fcca12725bf7dd1b 22199316 video optional vlc_2.2.4.orig.tar.xz
 87c6a121ba5861876f9cf77c071799f3 58632 video optional vlc_2.2.4-1~deb8u1.debian.tar.xz
 e63eac6a3055a19ea349246f719c9a98 26644 libdevel optional libvlc-dev_2.2.4-1~deb8u1_amd64.deb
 1c80236409bb8f1d0462f8e6568b77f1 47300 libs optional libvlc5_2.2.4-1~deb8u1_amd64.deb
 bbca40814ec4cda7a72c3820d4f42bf7 117672 libdevel optional libvlccore-dev_2.2.4-1~deb8u1_amd64.deb
 9877dba4ea9cd5d2a0274b70cdc97906 391538 libs optional libvlccore8_2.2.4-1~deb8u1_amd64.deb
 31ff984b8dacd1dfc0b4307c3267068d 1501062 video optional vlc_2.2.4-1~deb8u1_amd64.deb
 57087dd6bd9e986dd4c18b0709902ae0 5991856 video optional vlc-data_2.2.4-1~deb8u1_all.deb
 3854391d78bc430789b4c45c1a4232bd 24359486 debug extra vlc-dbg_2.2.4-1~deb8u1_amd64.deb
 6ff7bbf6ddf118553752233e30e09107 2530574 video optional vlc-nox_2.2.4-1~deb8u1_amd64.deb
 c5563b9e3473af838c52258504521965 5652 video optional vlc-plugin-fluidsynth_2.2.4-1~deb8u1_amd64.deb
 9a9c6d699833d52072c7e7fa9f092d78 10928 video optional vlc-plugin-jack_2.2.4-1~deb8u1_amd64.deb
 fec0ba619d269d52af5c5e7ec68b2745 5406 video optional vlc-plugin-notify_2.2.4-1~deb8u1_amd64.deb
 e5817abab3be7f1a7c21085159732a1d 8076 video optional vlc-plugin-sdl_2.2.4-1~deb8u1_amd64.deb
 d6c90af8c4d538ae5a4d7b9118f3376e 5988 video optional vlc-plugin-svg_2.2.4-1~deb8u1_amd64.deb
 ac042e8d1d17bde53a3631f0694a75f6 11090 video optional vlc-plugin-zvbi_2.2.4-1~deb8u1_amd64.deb
 cca09fe449945530a4ba990133d7ff1f 4914 video optional vlc-plugin-samba_2.2.4-1~deb8u1_amd64.deb
 5812aeb9ae30d6f1e4f14c3d1023b26a 918 video optional vlc-plugin-pulse_2.2.4-1~deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXVJ21AAoJEGny/FFupxmTVLYP/iQ+vX89YpDz75BRjW83JcWf
Oi8ZBxK/IjGiNWTmwbCHAnK6eAdzTd0iCgKCLhsivTvv08HKngHZiXUmYD+/5dFd
fA1fHuKWigV2thuSSjPpGTgfI4YMgeTUHtLfvrvspgDMcu6nMFZwvGoDezuIDZjv
NMUJoCNW9lrd2rBC1YiIj6QWoif9YU2TjwbrwSMdUfRCjeiG95GVcX52Et2HAiB2
kb/G5WfIJsXs+t10LAgKI4G38sN2YqiE4b9thpO1AALa1ooZ+y4jhrRwl3a8lsXf
KL0m4qeuwSOlHVaHVrOb9Sv38hU5VDagAFkQ7x3Z2xLefkPVSVi7lgiGPwOTca7z
OlUIZT66a3eDveEKKDyvfjkZjXvpF805sJMHVXxaYK9R063sFw1unlItH52qDpTT
CFRWjsMLZVyyNI5BxUx6ShbW87/hGhtaZLPK0pIWcKffvx/PHd5x3T4k+WslQZ8m
QecbtIl2yPhTKiqvwYkoDWJuHkwBGCBtbt2+dbSNdtbfZ1rc4UfEo4ShkwnVoeM5
ikD/8cw9ikbbyJSjDcPxALIS6hlh4jBOgcteaA6GCGqMYH2ZwLxrDCiLD49b5sAT
D/odjUi0LrFbhUu4bJ/pcSlvHp+ETADRotXR4YS736deoqogrwAPgydbhYgg1vN5
9cmkMdNNb6syPXBZRutG
=EK9A
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.