Branches for Dapper

Author: Daniel T Chen
Revision Date: 2006-05-23 03:42:19 UTC

"'Time to race', she said, 'Race the downhill'."

* Add debian/patches/24_prefs_stacking_fix, fixing stacking in
  Preferences dialog. Taken from upstream svn changeset 13795, thanks
  to Bruce Cowan (Closes: Malone #31891).
* Demote ttf-freefont, ttf-thryomanes to Suggests as the former
  provides bad metrics for Thai. See Debian #362071 for additional
  information.
* Don't use gcc-snapshot as the compiler. See Debian #361729 for more
  information.
* Make vlc.desktop HIG-compliant.
* Rebuild against new libebml-dev and libmatroska-dev, fixing crashes
  with Matroska files (Closes: Malone #29644).
* Use our own faad2 and x264, fixing garbled graphics (Closes: Malone
  #28539). Please see Debian #365389 if the inclusion of these
  libraries stirs your ire.

Author: Emanuele Gentili
Revision Date: 2008-04-01 03:48:00 UTC

* SECURITY UPDATE: (LP: #207284)
 + debian/patches/031_CVE-2008-1489.dpatch
  - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
    remote attackers to cause a denial of service (crash) and possibly
    execute arbitrary code via a crafted MP4 RDRF box that triggers a
    heap-based buffer overflow.

* References
 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
 + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

Author: Emanuele Gentili
Revision Date: 2008-04-01 03:48:00 UTC

* SECURITY UPDATE: (LP: #207284)
 + debian/patches/031_CVE-2008-1489.dpatch
  - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
    remote attackers to cause a denial of service (crash) and possibly
    execute arbitrary code via a crafted MP4 RDRF box that triggers a
    heap-based buffer overflow.

* References
 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
 + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a