VLC 3.0 Vetinari Released

Discussion in 'other software & services' started by anon, Feb 9, 2018.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,616
    Location:
    Outer space
    Yes, I was wondering about that as well. There is no new security advisory either (https://www.videolan.org/security/) but afaik they only publish advisories when there is a vulnerability in VLC itself, not when it is in a 3rd party library.
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,337
    Location:
    the Netherlands
    Thanks, I forgot about the security advisories!
    But as you say, not all security fixes are published in security advisories.
    For instance, the security fixes in 3.0.3 weren't published in a security advisory (3rd party libraries updated).
    And the security fixes in 2.2.8 and 2.2.7 weren't published in a security advisory, either (2.2.8: AVI demuxer; 2.2.7: flac and the libavcodec modules, in the avi module).
    On the other hand, I see that security advisory 1801 reported a vulnerability in 3.0.0 and 3.0.1 that was fixed in 3.0.2, which was not clearly mentioned in the changelog or news archive.
     
  3. max2

    max2 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    365
    Is using VLC Player 2.2.8 a bad idea even if it works better for you?

    Is it a security risk?
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,337
    Location:
    the Netherlands
    I am not sure.
    The changelog for VLC media player 3.0.3 said "Numerous 3rd party libraries updated, fixing security issues". It was not specified whether the security issues were in 3.0.x only, or in VLC media player 2.2.8 as well.
    May 30, I concluded that with no further information available, I had to assume that VLC media player 3.0.3 should be considered as a security update to all previous versions.
    Whether using VLC media player 2.2.8 is a security risk, I cannot tell for sure, but I'd rather use the current version 3.0.4.
     
  5. max2

    max2 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    365
    Thanks for the honest and easy answer!
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    VLC media player v3.0.5 (December 26, 2018)
    Website
    Download: https://download.videolan.org/pub/videolan/vlc/3.0.5/
    Changes:
    Changes between 3.0.4 and 3.0.5:
    --------------------------------

    Access:
    * Improve RTSP playback
    * BluRay fixes and improvements, notably for menus and seeking
    * Improve the UDP/RTP truncated issue

    Codec:
    * Add a new AV1 decoder based on dav1d library
    * Enable libaom decoder by default
    * Fix decoding of some HEVC streams with macOS hardware decoding

    Demux:
    * MP4: Fix reading of some HDR metadata
    * Miscellaneous AV1 demuxing improvements
    * Fix CAF integer-underflow
    * Fix an MKV crash on iOS 12.0, on iPhone XS phones

    Packetizer:
    * Add an AV1 packetizer

    macOS:
    * Starting with VLC 3.0.5, VLC will be distributed with runtime hardening
    enabled on macOS Mojave.
    All external VLC plugins need to be signed by a DeveloperID certificate in order
    to continue working with the official VLC package.
    * Update the VLC dark UI to better match the dark mode of macOS Mojave
    * Fix convert & save panel stream option

    Audio output:
    * Fix corking when the playback state is paused
    * Improve corking on Android

    Video Output:
    * Fix Direct3D11 tone-mapping when HDR is displayed on an SDR screen
    * More accurate colors for SD sources in Direct3D11
    * Disable hardware decoding on some old Intel GPUs
    * Fix zero-copy GPU acceleration on AMD RX Vega
    * Misc Direct3D11 fixes

    Miscellaneaous:
    * Improve ChromeCast
    * Update numerous 3rd party libraries, including for minor security issues
    * Update Youtube support
    * Fix subtitles rendering with specific fonts with negative horizontal advance
     
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,337
    Location:
    the Netherlands
    Thanks, mood.
    VLC media player 3.0.5 looks to be a (minor) security update, because of "Miscellaneaous: Update numerous 3rd party libraries, including for minor security issues".
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,616
    Location:
    Outer space
    The news archive has finally been updated with the 3.0.4 release, which points to here:
    https://www.videolan.org/vlc/releases/3.0.4.html
    So we can finally conclude that 3.0.4 did fix security issues.


    Also in the changelog, for macOS:
    "* Starting with VLC 3.0.5, VLC will be distributed with runtime hardening enabled on macOS Mojave."
    Not a vulnerability fix, but it improves security, so I thought it was worth mentioning.
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,337
    Location:
    the Netherlands
    Thanks, BoerenkoolMetWorst.
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    VLC media player v3.0.6 (January 10, 2019)
    Website
    Download: https://download.videolan.org/pub/videolan/vlc/3.0.6/
    Changes:
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    VLC hits three billion downloads, announces support for AirPlay and more
    January 11, 2019
    https://www.neowin.net/news/vlc-hits-three-billion-downloads-announces-support-for-airplay-and-more
     
  12. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    71,725
    Location:
    U.S.A.
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    Thanks @JRViejo - VLC is pretty much one of only two that's been reliable on this end, and that says something for portable players, since commercial players almost always want to insert feelers spread all around a PC system and some even add an extra running process or two that demands additional energy/resources to run.
     
  14. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    71,725
    Location:
    U.S.A.
    EASTER, you're welcome! It's one of the best for sure. Take care.
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    VLC app is available to Huawei users again as VideoLAN quietly lifts block
    April 16, 2019
    https://www.neowin.net/news/vlc-app...i-users-again-as-videolan-quietly-lifts-block
     
  16. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,812
    VLC Media Player 3.0.7 released: security updates and improvements
    June 06, 2019
    https://www.ghacks.net/2019/06/06/vlc-media-player-3-0-7-released-security-updates-and-improvements/
    -------------
    Changes between 3.0.6 and 3.0.7:
    http://www.videolan.org/developers/vlc-branch/NEWS
    Changes between 3.0.6 and 3.0.7:
    --------------------------------

    Access:
    * Improve Blu-ray support
    * Fix sftp module build with libssh >= 1.8.1

    Audio output:
    * Fix pass-through on Android-23
    * Fix DirectSound drain

    Demux:
    * Improve MP4 support

    Video Output:
    * Fix 12 bits sources playback with Direct3D11
    * Fix crash on iOS
    * Fix midstream aspect-ratio changes when Windows hardware decoding is on
    * Fix HLG display with Direct3D11

    Stream Output:
    * Improve Chromecast support with new ChromeCast apps

    macOS:
    * Fix UPNP service discovery, services are discovered on the highest priority
    active network interface now
    * Fix video distortion on macOS Mojave

    Misc:
    * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
    * Work around busy looping when playing an invalid item with loop enabled

    Translations:
    * Update of most translations

    Security:
    * Fix multiple buffer overflows in the ps demuxer
    * Fix a buffer overflow when copying a biplanar YUV image
    * Fix multiple buffer overflows in the faad decoder
    * Fix buffer overflow in the svcdsub decoder
    * Fix buffer overflows in the ogg muxer & demuxer
    * Fix buffer overflows in libavformat demuxer
    * Fix multiple buffer overflows in the MKV demuxer
    * Fix a buffer overflow in the MP4 demuxer
    * Fix a buffer overflow in the textst decoder
    * Fix a buffer overflow in the webvtt decoder
    * Fix a buffer overflow in the ASF demux
    * Fix a buffer overflow in the UPNP SD
    * Fix use after free in the ogg demuxer
    * Fix multiple use after free in the MKV demuxer
    * Fix multiple use after free in the DMO decoder
    * Fix integer underflow in the MKV demuxer
    * Fix an updater NULL pointer dereference on invalid signing keys
    * Fix NULL pointer dereference in the MKV demuxer
    * Fix an integer overflow in the spudec decoder
    * Fix an integer overflow in the nsc demuxer
    * Fix an integer overflow in the avi demuxer
    * Fix reads of uninitialized pointers in the MKV demuxer
    * Fix a floating point exception in the MKV demuxer
    * Fix an infinite loop in the flac packetizer

    Edit:
    www.videolan.org/vlc/download-windows.html
    http://www.videolan.org/
     
    Last edited: Jun 7, 2019
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,454
    Location:
    Slovenia
    VLC Player Gets Patched for Two High-Severity Bugs
    https://threatpost.com/vlc-player-gets-patched-for-two-high-severity-bugs/
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    VLC media player v3.0.7.1 Released (June 11, 2019)
    Website
    Changes:
    Changes between 3.0.7 and 3.0.7.1:
    ----------------------------------

    Access:
    * Update libbluray to 1.1.2

    macOS:
    * Fix bluray java menu playback regression in 3.0.7

    Video Output:
    * Fix hardware acceleration with some AMD drivers
    * Improve direct3d11 HDR support
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,616
    Location:
    Outer space
    VideoLAN Security Advisory 1901
    https://www.videolan.org/security/sa1901.html
     
  21. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    71,725
    Location:
    U.S.A.
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
  23. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    71,725
    Location:
    U.S.A.
    EASTER, you're welcome! Take care.
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    VLC v3.0.7.1
    German cybersecurity agency identifies critical flaw in VLC Media Player
    July 19, 2019
    https://www.neowin.net/news/german-cybersecurity-agency-identifies-critical-flaw-in-vlc-media-player
     
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    'Critical' vulnerability discovered in VLC on Linux and Windows -- but VideoLAN says it is not reproducible
    July 24, 2019
    https://betanews.com/2019/07/24/vlc-critical-bug-denial/
     