Ubuntu
vlc package

vlc CVE-2011-0531 not fixed, not tracked?

Asked by gialdo

The package "vlc" in the currently supported stable versions of Ubuntu is vulnerable
http://www.videolan.org/security/sa1102.html
It's been fixed upstream on February 1, as of today, Feb 6, no fix has been pushed into the repos.

The CVE isn't tracked here:
http://people.canonical.com/~ubuntu-security/cve/pkg/vlc.html

I suppose the maintainers are well aware of these facts and working on a backport but the CVE tracker is pretty useless right now and I don't know if and how this is taken care of.

If I'm not mistaken I should be able to see the "proposed" package before it hits universe here: https://launchpad.net/ubuntu/maverick/+source/vlc/+builds

Sorry if this is the wrong approach or if I'm missing something obvious. I'm not very familiar with launchpad but that's why I'm here and asking.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu vlc Edit question
Assignee:
No assignee Edit question
Solved by:
actionparsnip
Solved:
Last query:
Last reply:
Revision history for this message
Best actionparsnip (andrew-woodhead666) said : 		#1

Log a bug

Revision history for this message
gialdo (gial-do-deactivatedaccount-deactivatedaccount) said : 		#2

Thanks actionparsnip, that solved my question.