From bleepingcomputer.com
A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no patch. The problem is that the vulnerability was not in VLC, but rather a module that was replaced over 16 months ago.
According to a series of tweets posted by VLC developer Jean-Baptiste Kempf, it all started when Mitre created a CVE for a reported bug in VLC Media Player without first contacting VideoLan.