-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 19 May 2019 11:17:06 +0200 Source: faad2 Binary: libfaad-dev libfaad2 faad2-dbg faad Architecture: source amd64 Version: 2.7-8+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Hugo Lefeuvre <hle@debian.org> Description: faad - freeware Advanced Audio Decoder player faad2-dbg - freeware Advanced Audio Decoder - debugging symbols libfaad-dev - freeware Advanced Audio Decoder - development files libfaad2 - freeware Advanced Audio Decoder - runtime files Changes: faad2 (2.7-8+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2018-20198, CVE-2018-20362: implicit channel mapping reconfiguration is not properly handled, leading to heap based buffer overflow issues when processing crafted AAC files. * CVE-2018-20197, CVE-2018-20194: insufficient user input validation in sbr_hfadj module leads to stack-based buffer underflow issues when processing crafted AAC files. Checksums-Sha1: 8f5ad25f372c1430cc4b3c329ce7f42b265cb47a 1871 faad2_2.7-8+deb8u2.dsc 22118978d00988b6cc6898e7dc7f7849711016e9 1124523 faad2_2.7.orig.tar.gz 92b163a8d341f6c99a08fd17b8e5663452248b55 21556 faad2_2.7-8+deb8u2.debian.tar.xz 0e29b95914446ac4701b40e69adf88e25b00a064 159096 libfaad-dev_2.7-8+deb8u2_amd64.deb 78d1bc65ee689831a11e5fdf8d106628b4ad1c19 146592 libfaad2_2.7-8+deb8u2_amd64.deb 714d628e2a54bd25c977d9bb8135f0de37494863 274392 faad2-dbg_2.7-8+deb8u2_amd64.deb dac37839bbcc13a52f664ef485c22cd978961933 36918 faad_2.7-8+deb8u2_amd64.deb Checksums-Sha256: 0a2836daf966d6b2764366cd11c6b79f7af4b7b922c24065a61119d946524908 1871 faad2_2.7-8+deb8u2.dsc 9d5e35f104c531ef3ff7f4a514578bdfaff3df99ee35ccccb121b0a859295270 1124523 faad2_2.7.orig.tar.gz 16525b71bf5d2c1343364a4823fdcb71d8c15976afe059d6974d8b9bfabfe1f5 21556 faad2_2.7-8+deb8u2.debian.tar.xz b0089b744ec0c037f0dabe6c4e4650ea5583165dceecc8e585defdf371d35609 159096 libfaad-dev_2.7-8+deb8u2_amd64.deb 5fd6ae88046d21b9bebcdd6849394d48f187f317ebbecd89c20373b08431d1da 146592 libfaad2_2.7-8+deb8u2_amd64.deb da6c4f068a31086f61b8142b9c754b63c6d67e77f0af84218cf82d3b0b7b2dfd 274392 faad2-dbg_2.7-8+deb8u2_amd64.deb b9eb6f00c9b61f690e93bb81da5ace8a17381eaa545476567725bed95f2ef73b 36918 faad_2.7-8+deb8u2_amd64.deb Files: e1525467d3f4dc69c54cd9b63c452875 1871 libs optional faad2_2.7-8+deb8u2.dsc 1572090beee91d91efd088394da68214 1124523 libs optional faad2_2.7.orig.tar.gz 8d77b7d9e5a6a17b1afd952c2ab9f3e5 21556 libs optional faad2_2.7-8+deb8u2.debian.tar.xz e446fad52cc7a2ccab3d57f8d8d545f7 159096 libdevel optional libfaad-dev_2.7-8+deb8u2_amd64.deb 61698d193668005ecc6104c5e9beab4b 146592 libs optional libfaad2_2.7-8+deb8u2_amd64.deb 6cf5def7f4fae1fe201034f081ba9358 274392 debug extra faad2-dbg_2.7-8+deb8u2_amd64.deb 44206802c7ec699bf0b73aaf7b2709c9 36918 sound optional faad_2.7-8+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlzhR+IACgkQZYVUZx9w 0DQycwf/Z9tuXEW2obgPw3VsYHoU5VWX5dOCOVItw6AIIhH/V7VSNmy4MsA/Flb+ 5BO9+GdL+OCKHJADelK1z5alpYtaW6Hh+V/wCxK3QKeixe4Jtku/1C6y3QrsX+xG CMmLCz60LVVb2kiw/wxM1GymkWOq2YsAL18rMaxPGXOY08A9zau7tPv1yOop3THG Fk8A2lukzp3z0vVR6IUKZEO7GQ/fjawSviN/I5sjkepGT/qYB66g6DidD6IdAdLf xC4MIEy0kL2WDFtEgQiE/LNhdOYuBaOc79ErmYZJJM+kODM7iMGH9ocsxqRSoQIF ftrfFPgQ47ue06xKymO9vTre5ybLGQ== =vfQf -----END PGP SIGNATURE-----
