openSUSE Security Update: Security update for vlc______________________________________________________________________________Announcement ID: openSUSE-SU-2021:0691-1Rating: moderateReferences: #1181918 Cross-References: CVE-2020-26664CVSS scores: CVE-2020-26664 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAffected Products: openSUSE Leap 15.2______________________________________________________________________________ An update that fixes one vulnerability is now available.Description: This update for vlc fixes the following issues: Update to version 3.0.13: + Demux: - Adaptive: fix artefacts in HLS streams with wrong profiles/levels - Fix regression on some MP4 files for the audio track - Fix MPGA and ADTS probing in TS files - Fix Flac inside AVI files - Fix VP9/Webm artefacts when seeking + Codec: - Support SSA text scaling - Fix rotation on Android rotation - Fix WebVTT subtitles that start at 00:00 + Access: - Update libnfs to support NFSv4 - Improve SMB2 integration - Fix Blu-ray files using Unicode names on Windows - Disable mcast lookups on Android for RTSP playback + Video Output: Rework the D3D11 rendering wait, to fix choppiness on display + Interfaces: - Fix VLC getting stuck on close on X11 (#21875) - Improve RTL on preferences on macOS - Add mousewheel horizontal axis control - Fix crash on exit on macOS - Fix sizing of the fullscreen controls on macOS + Misc: - Improve MIDI fonts search on Linux - Update Soundcloud, Youtube, liveleak - Fix compilation with GCC11 - Fix input-slave option for subtitles + Updated translations. Update to version 3.0.12: + Access: Add new RIST access module compliant with simple profile (VSF_TR-06-1). + Access Output: Add new RIST access output module compliant with simple profile (VSF_TR-06-1). + Demux: Fixed adaptive’s handling of resolution settings. + Audio output: Fix audio distortion on macOS during start of playback. + Video Output: Direct3D11: Fix some potential crashes when using video filters. + Misc: - Several fixes in the web interface, including privacy and security improvements - Update YouTube and Vocaroo scripts. + Updated translations.Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”. Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-691=1Package List: - openSUSE Leap 15.2 (noarch): vlc-lang-3.0.13-lp152.2.12.1 - openSUSE Leap 15.2 (x86_64): libvlc5-3.0.13-lp152.2.12.1 libvlc5-debuginfo-3.0.13-lp152.2.12.1 libvlccore9-3.0.13-lp152.2.12.1 libvlccore9-debuginfo-3.0.13-lp152.2.12.1 vlc-3.0.13-lp152.2.12.1 vlc-codec-gstreamer-3.0.13-lp152.2.12.1 vlc-codec-gstreamer-debuginfo-3.0.13-lp152.2.12.1 vlc-debuginfo-3.0.13-lp152.2.12.1 vlc-debugsource-3.0.13-lp152.2.12.1 vlc-devel-3.0.13-lp152.2.12.1 vlc-jack-3.0.13-lp152.2.12.1 vlc-jack-debuginfo-3.0.13-lp152.2.12.1 vlc-noX-3.0.13-lp152.2.12.1 vlc-noX-debuginfo-3.0.13-lp152.2.12.1 vlc-opencv-3.0.13-lp152.2.12.1 vlc-opencv-debuginfo-3.0.13-lp152.2.12.1 vlc-qt-3.0.13-lp152.2.12.1 vlc-qt-debuginfo-3.0.13-lp152.2.12.1 vlc-vdpau-3.0.13-lp152.2.12.1 vlc-vdpau-debuginfo-3.0.13-lp152.2.12.1References: https://www.suse.com/security/cve/CVE-2020-26664.html https://bugzilla.suse.com/1181918