openSUSE-SU-2023:0365-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0365-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0365-1
Related
Published
2023-11-12T13:00:59Z
Modified
2023-11-12T13:00:59Z
Summary
Security update for vlc
Details

This update for vlc fixes the following issues:

Update to version 3.0.20:

  • Video Output:
    • Fix green line in fullscreen in D3D11 video output
    • Fix crash with some AMD drivers old versions
    • Fix events propagation issue when double-clicking with mouse wheel
  • Decoders:
    • Fix crash when AV1 hardware decoder fails
  • Interface:
    • Fix annoying disappearance of the Windows fullscreen controller
  • Demuxers:
    • Fix potential security issue (OOB Write) on MMS:// by checking user size bounds

Update to version 3.0.19:

  • Core:
    • Fix next-frame freezing in most scenarios
  • Demux:
    • Support RIFF INFO tags for Wav files
    • Fix AVI files with flipped RAW video planes
    • Fix duration on short and small Ogg/Opus files
    • Fix some HLS/TS streams with ID3 prefix
    • Fix some HLS playlist refresh drift
    • Fix for GoPro MAX spatial metadata
    • Improve FFmpeg-muxed MP4 chapters handling
    • Improve playback for QNap-produced AVI files
    • Improve playback of some old RealVideo files
    • Fix duration probing on some MP4 with missing information
  • Decoders:
    • Multiple fixes on AAC handling
    • Activate hardware decoding of AV1 on Windows (DxVA)
    • Improve AV1 HDR support with software decoding
    • Fix some AV1 GBRP streams, AV1 super-resolution streams and monochrome ones
    • Fix black screen on poorly edited MP4 files on Android Mediacodec
    • Fix rawvid video in NV12
    • Fix several issues on Windows hardware decoding (including 'too large resolution in DxVA')
    • Improve crunchyroll-produced SSA rendering
  • Video Output:
    • Super Resolution scaling with nVidia and Intel GPUs
    • Fix for an issue when cropping on Direct3D9
    • Multiple fixes for hardware decoding on D3D11 and OpenGL interop
    • Fix an issue when playing -90�rotated video
    • Fix subtitles rendering blur on recent macOS
  • Input:
    • Improve SMB compatibility with Windows 11 hosts
  • Contribs:
    • Update of fluidlite, fixing some MIDI rendering on Windows
    • Update of zlib to 1.2.13 (CVE-2022-37434)
    • Update of FFmpeg, vpx (CVE-2023-5217), ebml, dav1d, libass
  • Misc:
    • Improve muxing timestamps in a few formats (reset to 0)
    • Fix some rendering issues on Linux with the fullscreen controller
    • Fix GOOM visualization
    • Fixes for Youtube playback
    • Fix some MPRIS inconsistencies that broke some OS widgets on Linux
    • Implement MPRIS TrackList signals
    • Fix opening files in read-only mode
    • Fix password search using the Kwallet backend
    • Fix some crashes on macOS when switching application
    • Fix 5.1/7.1 output on macOS and tvOS
    • Fix several crashes and bugs in the macOS preferences panel
    • Improvements on the threading of the MMDevice audio output on Windows
    • Fix a potential security issue on the uninstaller DLLs
    • Fix memory leaks when using the medialistplayer libVLC APIs
  • Translations:
    • Update of most translations
    • New translations to Esperanto, Interlingue, Lao, Macedonian, Burmese, Odia, Samoan and Swahili
References

Affected packages

SUSE:Package Hub 15 SP4 / vlc

Package

Name
vlc
Purl
purl:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.20-bp154.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "libvlccore9": "3.0.20-bp154.2.6.1",
            "vlc-jack": "3.0.20-bp154.2.6.1",
            "vlc-codec-gstreamer": "3.0.20-bp154.2.6.1",
            "vlc": "3.0.20-bp154.2.6.1",
            "vlc-devel": "3.0.20-bp154.2.6.1",
            "vlc-vdpau": "3.0.20-bp154.2.6.1",
            "vlc-qt": "3.0.20-bp154.2.6.1",
            "vlc-lang": "3.0.20-bp154.2.6.1",
            "vlc-noX": "3.0.20-bp154.2.6.1",
            "vlc-opencv": "3.0.20-bp154.2.6.1",
            "libvlc5": "3.0.20-bp154.2.6.1"
        }
    ]
}

openSUSE:Leap 15.4 / vlc

Package

Name
vlc
Purl
purl:rpm/suse/vlc&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.20-bp154.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "libvlccore9": "3.0.20-bp154.2.6.1",
            "vlc-jack": "3.0.20-bp154.2.6.1",
            "vlc-codec-gstreamer": "3.0.20-bp154.2.6.1",
            "vlc": "3.0.20-bp154.2.6.1",
            "vlc-devel": "3.0.20-bp154.2.6.1",
            "vlc-vdpau": "3.0.20-bp154.2.6.1",
            "vlc-qt": "3.0.20-bp154.2.6.1",
            "vlc-lang": "3.0.20-bp154.2.6.1",
            "vlc-noX": "3.0.20-bp154.2.6.1",
            "vlc-opencv": "3.0.20-bp154.2.6.1",
            "libvlc5": "3.0.20-bp154.2.6.1"
        }
    ]
}