Comment 24 for bug 1025713

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 2.0.3-0ubuntu0.12.04.1

---------------
vlc (2.0.3-0ubuntu0.12.04.1) precise-security; urgency=low

  * New bug-fixing upstream release (LP: #1025713).
  * SECURITY UPDATE: Heap-based buffer overflow in the Ogg_DecodePacket function
    in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before
    2.0.2 allows remote attackers to cause a denial of service (application
    crash) and possibly execute arbitrary code via a crafted OGG file.
    - CVE-2012-3377

vlc (2.0.2-2) unstable; urgency=low

  * Add missing epoch to libqt4-dev build dependency.
  * Drop libggi2-dev from build dependencies (not needed any more).
    (Closes: #680237)
  * The dependency ttf-freefont was renamed to fonts-freefont-ttf.

vlc (2.0.2-1) unstable; urgency=medium

  [ Edward Wang ]
  * New upstream release (Closes: #679625, #664279, LP: #689122, #936488,
    #942126, #971106, #972615, #973051, #987231, #995003, #998538).
    - Fix Ogg Heap buffer overflow. Thanks to Hugo Beauzée-Luyssen
  * Add the crystalhd plugin to the vlc distribution.
  * libcaca_plugin.so now depends on X11 in this release, so it must
    be installed under vlc (versus vlc-nox).

  [ Reinhard Tartler ]
  * Urgency set to medium because a security issue is fixed in this release

  [ Benjamin Drung ]
  * Add new plugins to vlc-nox:
    - crystalhd (Linux amd64 and i386 only)
    - directfb
    - fbosd (Linux only)
    - omxil (Linux only)
  * Add build dependencies for new plugins.
  * Add new symbols to libvlccore5.
  * Switch to debhelper 8.
 -- Benjamin Drung <email address hidden> Tue, 24 Jul 2012 00:44:39 +0200