--- Begin Message ---
- To: 914641-close@bugs.debian.org
- Subject: Bug#914641: fixed in faad2 2.8.0~cvs20161113-1+deb9u2
- From: Hugo Lefeuvre <hle@debian.org>
- Date: Tue, 17 Sep 2019 11:02:35 +0000
- Message-id: <E1iABFj-000Ig9-3x@fasolo.debian.org>
Source: faad2
Source-Version: 2.8.0~cvs20161113-1+deb9u2
We believe that the bug you reported is fixed in the latest version of
faad2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 914641@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugo Lefeuvre <hle@debian.org> (supplier of updated faad2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Sep 2019 18:52:19 +0200
Source: faad2
Binary: faad faad2-dbg libfaad-dev libfaad2
Architecture: source amd64
Version: 2.8.0~cvs20161113-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Hugo Lefeuvre <hle@debian.org>
Description:
faad - freeware Advanced Audio Decoder player
faad2-dbg - freeware Advanced Audio Decoder - debugging symbols
libfaad-dev - freeware Advanced Audio Decoder - development files
libfaad2 - freeware Advanced Audio Decoder - runtime files
Closes: 914641
Changes:
faad2 (2.8.0~cvs20161113-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-20357, CVE-2018-20359, CVE-2018-20197, CVE-2018-20194,
  CVE-2018-19503, CVE-2018-20361: multiple memory corruption vulnerabilities
  caused by insufficiently sanitized frequency band borders.
* CVE-2018-20358, CVE-2018-20362, CVE-2018-19504, CVE-2018-20195,
  CVE-2018-20198: multiple memory corruption vulnerabilities caused by syntax
  element inconsistencies (implicit channel mapping reconfiguration).
* CVE-2019-15296: buffer overflow in faad_resetbits.
* CVE-2018-19502: heap-based buffer overflow in excluded_channels
  (libfaad/syntax.c) (Closes: #914641).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---