939699 - Update VLC plugin to 2.1.2

Status: RESOLVED FIXED

(Websites :: plugins.mozilla.org, defect)

Description

[sjw]

Videolan has fixed some secutity issues, so we should mark older versions as outdated or vulnerable.

Comment 1

[Carsten Book [:Tomcat]]

taking

Comment 2

[sjw]

Any news? It shouldn't be hard to fix.

Comment 3

[sjw]

Videolan released v 2.1.2

Comment 4

[Carsten Book [:Tomcat]]

should be fixed now

Comment 5

[Rinus Leeuw]

NOT fixed by VLC. The npvlc.dll is still showing the 2.1.0 version.

Comment 6

[Alice Wyman]

Related support forum thread (includes screenshots):

https://support.mozilla.org/questions/982481 plugin check not working 

"The Firefox plugin checker is reporting "Update Now" for VLC media player Web Plugin 2.1.0. The 'update now' link invites me to download Plugin 2.1.2. but i already have 2.1.2 installed"

The PluginCheck page should be reporting that version 2.1.0 of the VLC Web Plugin is up to date, since it's the latest available version of the VLC media player Web Plugin file npvlc.dll included with VLC Media Player 2.1.2

Comment 7

[Alice Wyman]

Additional info:
https://forum.videolan.org/viewtopic.php?f=2&t=116442 
Re: VLC v2.1.2 vulnerable to RTSP attack

Postby Jean-Baptiste Kempf » Fri Jan 03, 2014 5:42 pm
If you installed the firefox plugin with 2.1.2, then it is fixed. Even if the number is 2.1.0 in the firefox plugin.

Comment 8

[sjw]

Should we reopen until we can fix this?

Comment 9

[Alice Wyman]

Yes, I think this bug should be reopened.

Comment 10

[Alice Wyman]

This is apparently fixed, as now reported in the related support forum thread, https://support.mozilla.org/questions/982481 

I can confirm that PluginCheck now shows "VLC media player Web Plugin 2.1.0" as being up-to-date.

Comment 11

[sjw]

Seems fixed with VLC 2.1.3