SUSE: OPENSUSE-SU-2019:1840-1
Aug 08, 2019 - 12:00 a.m.

Security update for vlc (important)

2019-08-08 00:00:00
lists.opensuse.org

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.908 High (Percentile: 98.6%)

An update that fixes 7 vulnerabilities is now available.

Description:

This update for vlc to version 3.0.7.1 fixes the following issues:

Security issues fixed:

  • CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
  • CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
  • CVE-2019-5460: Fixed a double free (bsc#1143547).
  • CVE-2019-12874: Fixed a double free in zlib_decompress_extra in
    modules/demux/mkv/util.cpp (bsc#1138933).
  • CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
  • CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec
    (boo#1142161).

Non-security issues fixed:

  • Video Output:
    • Fix hardware acceleration with some AMD drivers
    • Improve direct3d11 HDR support
  • Access:
    • Improve Blu-ray support
  • Audio output:
    • Fix pass-through on Android-23
    • Fix DirectSound drain
  • Demux: Improve MP4 support
  • Video Output:
    • Fix 12 bits sources playback with Direct3D11
    • Fix crash on iOS
    • Fix midstream aspect-ratio changes when Windows hardware decoding is on
    • Fix HLG display with Direct3D11
  • Stream Output: Improve Chromecast support with new ChromeCast apps
  • Misc:
    • Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
    • Work around busy looping when playing an invalid item with loop enabled
  • Updated translations.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2019-1840=1
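
To confirm afterwards that a host actually carries the fixed release, the following check compares the installed version against 3.0.7.1. It is an added example, not part of the original advisory; it assumes the RPM package is named `vlc`, that versions below 3.0.7.1 lack the fixes, and that `sort -V` (GNU coreutils) is available.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the installed vlc
# is at or above the fixed version named in this update.
FIXED_VERSION="3.0.7.1"   # fixed version, taken from the advisory text

# version_ge A B: succeeds when version A >= version B (sort -V ordering).
version_ge() {
    if [ "$1" = "$2" ]; then
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# vlc_status VERSION: prints "patched" or "vulnerable" for a version string.
vlc_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# installed_vlc_version: prints the installed version; fails when rpm is
# missing or the package (assumed name: vlc) is not installed.
installed_vlc_version() {
    command -v rpm >/dev/null 2>&1 || return 1
    ver=$(rpm -q --queryformat '%{VERSION}\n' vlc 2>/dev/null) || return 1
    printf '%s\n' "$ver" | head -n 1
}

if v=$(installed_vlc_version); then
    echo "vlc $v: $(vlc_status "$v") (fixed in $FIXED_VERSION)"
else
    echo "vlc is not installed, or rpm is unavailable on this host"
fi
```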

OS             Version  Architecture  Filename
openSUSE Leap  15.1     x86_64        .x86_64.rpm
openSUSE Leap  15.1     noarch        .noarch.rpm
