This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4419864122791737028==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="ORJWvag83ky2msQtkcZ7ZxtKZC1Uo8KHt"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ORJWvag83ky2msQtkcZ7ZxtKZC1Uo8KHt
Content-Type: multipart/mixed;
 boundary="V17D9yxZ3Uw5nUdfjn3wXo6lVGgk7FAwp";
 protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
 <ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <8c294959-abc5-bb3b-19b1-2a175d452ef0@canonical.com>
Subject: [USN-4131-1] VLC vulnerabilities

--V17D9yxZ3Uw5nUdfjn3wXo6lVGgk7FAwp
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4131-1
September 11, 2019

vlc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in VLC.

Software Description:
- vlc: multimedia player and streamer

Details:

It was discovered that VLC incorrectly handled certain media files. If a
user were tricked into opening a specially-crafted file, a remote attacker
could use this issue to cause VLC to crash, resulting in a denial of
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  vlc                             3.0.8-0ubuntu19.04.1

Ubuntu 18.04 LTS:
  vlc                             3.0.8-0ubuntu18.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4131-1
  CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498,
  CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776,
  CVE-2019-14777, CVE-2019-14778, CVE-2019-14970

Package Information:
  https://launchpad.net/ubuntu/+source/vlc/3.0.8-0ubuntu19.04.1
  https://launchpad.net/ubuntu/+source/vlc/3.0.8-0ubuntu18.04.1


--V17D9yxZ3Uw5nUdfjn3wXo6lVGgk7FAwp--

--ORJWvag83ky2msQtkcZ7ZxtKZC1Uo8KHt
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl15N2AACgkQZWnYVadE
vpOy6g//Yt/VjbtYXvCBeaL/srypdmZ3QLxBRC5LR1P8Ed7lCjh+SAaOMAzalpbK
+XZrT0F4cjkJtjGsaWNwJxf5I5cDhQsJLH1cJvMiBFEiG/DM3IbYPvM2nI/LzE5R
8TgJ9goW1LzpD0RBabzuMPF61iLjH4lQf1CCnZvtqz511HPpnsBMWIaYHdou/YdX
jKpsvme4XXWR15ATV83p9PZ/2yjGZeTRspi/mHpk69AyidHfCXH2IfhGjk/Og405
jufSCMPIGDFib4eCqcWWsYFbVvTMgZwu6oeITC/ZjQBCd7jhYu0NTqydySPNS1Qb
qaK9AdxGXfficnRTEKrllsy8VR8Ak9+J8zEAfI/92aPddrU8EWf0WLIAlDzRPn2P
mGFt3a5+cm/d7TqvrmR35ANfPhHShtjzJbYpuzUj09T1q+ynXT65NnOj6Nk66BJq
h1FeDviBiNq6XDzF2H/lqyh4H5JrVV4n0LTGwM8sFo2BTpoePb1PdarNHCt9nkLd
Ne1A+3K4ICqLlhzP6mtVUzWht4SQjXeQSIoGvRwqjSqkLBuOdvc9m6UwosTRlHrt
8vM3LJ/i+YWQSuo3yFkZWZ+DmL/HB0+A1hDZ+z2ULd7E+x06ZdHSaOjt5NDtJbfX
V9zOYMeEIXVHQZX5zydDSyBcgr99T+uB9gMrnSnLvhhKNzvfxEM=
=+awa
-----END PGP SIGNATURE-----

--ORJWvag83ky2msQtkcZ7ZxtKZC1Uo8KHt--


--===============4419864122791737028==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============4419864122791737028==--