-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 26 Aug 2019 09:01:01 -0400 Source: faad2 Binary: libfaad-dev libfaad2 faad2-dbg faad Architecture: source amd64 Version: 2.7-8+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Hugo Lefeuvre <hle@debian.org> Description: faad - freeware Advanced Audio Decoder player faad2-dbg - freeware Advanced Audio Decoder - debugging symbols libfaad-dev - freeware Advanced Audio Decoder - development files libfaad2 - freeware Advanced Audio Decoder - runtime files Closes: 914641 Changes: faad2 (2.7-8+deb8u3) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2019-6956: Buffer over read in the function ps_mix_phase() (libfaad/ps_dec.c). * CVE-2018-19502: Heap buffer overflow in the function excluded_channels() (libfaad/syntax.c) (Closes: #914641). * CVE-2018-20196: Stack buffer overflow in the function calculate_gain (libfaad/sbr_hfadj.c). * CVE-2018-20199, CVE-2018-20360: NULL pointer dereference in the function ifilter_bank (libfaad/filtbank.c). * CVE-2019-15296: Buffer overflow in the function faad_resetbits() (libfaad/bits.c). Checksums-Sha1: a177bb049a6d076866a6aad7dffd3022be785f9c 2066 faad2_2.7-8+deb8u3.dsc f07f93911b65ccc665a11af98ee2d13b2842f224 23680 faad2_2.7-8+deb8u3.debian.tar.xz 29e3e3fb0447eebc086068133599c0ab4ba52529 159568 libfaad-dev_2.7-8+deb8u3_amd64.deb d5e9a447d90c512dab9186e40399b72325985b5a 147164 libfaad2_2.7-8+deb8u3_amd64.deb 37657da3c7041b31be0c38a19da80235ace477b0 274982 faad2-dbg_2.7-8+deb8u3_amd64.deb b4026279de78b86f8f3b5639570e692186221665 37038 faad_2.7-8+deb8u3_amd64.deb Checksums-Sha256: a84b321c5547f404badc79707c5401fba19a31981f0fe8d4dc80b7e7f165030e 2066 faad2_2.7-8+deb8u3.dsc 4ffc7d885c2ce7575ae05ec9c0f998d2fd4f659382a36db2d8e63f05c7438dfb 23680 faad2_2.7-8+deb8u3.debian.tar.xz f992d762e8610d9a043bc1ddab800720729becac389c84daae72aeab5966f3ac 159568 libfaad-dev_2.7-8+deb8u3_amd64.deb b96bbde9df6acc08f9deec30c64b9cd2bfd6cc0fd84d1cbdb8b3fcf35a2159e6 147164 libfaad2_2.7-8+deb8u3_amd64.deb 3bc121adc002860f229a7433614e9cc7b20afa5023f0b2abd166c16a6d5995bb 274982 faad2-dbg_2.7-8+deb8u3_amd64.deb a0422f71088179754a64989144982b20e177beda6ce19906fc3b9ba684799596 37038 faad_2.7-8+deb8u3_amd64.deb Files: 10abfc40fcfd1d526ad7b4269c3579c8 2066 libs optional faad2_2.7-8+deb8u3.dsc 744da67fd3111c4cfe115e6a0f1d45e6 23680 libs optional faad2_2.7-8+deb8u3.debian.tar.xz c668663c6d5d75ee6ba45d9de70420fc 159568 libdevel optional libfaad-dev_2.7-8+deb8u3_amd64.deb 0bf8dd590de8bb1d40192224c8ada78e 147164 libs optional libfaad2_2.7-8+deb8u3_amd64.deb a9274d294d9c41e5d085227e2825bbd1 274982 debug extra faad2-dbg_2.7-8+deb8u3_amd64.deb 26fe3a07d4e0ddad00c86bc3fcfc9d88 37038 sound optional faad_2.7-8+deb8u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQHDBAEBCgAtFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl1mptsPHGhsZUBkZWJp YW4ub3JnAAoJEBHjBY5eRBpCM4YL/2j7+LKNuDgrbPtGftN2TryUSxbPtbyLsy8+ FRy4lVeRkbawhE2+KqLcX/+1Ckz09R4w2xC8VqTHlJ35qPFCGX4+E0zmdVjhd9Yn AXQKK4ascwh033kQHny602ccx9+5BSVjbW8rq9E8ehF6HzmwnWdlJSKG1zZGOIdr uGlQHpM1Fh7zxAepau3uJ0svE50NN0MQdJ8rR63cfNLsuFb3Lt+DoDN9KKHmiGFY ywwTG908jpLkFWkH1lbeY6EZlU12L5zlYhuqOwe9ij4BVt8KIay5F3HIsYERQN3k TxxHuQK5+wCz8Z54enSX3wvBIlEpPW9FuDOwbINn8/MIyrcj1J9ciwgQ14WU8U6u KeL3O5WT2rhHduW/O1xvpFtYVBYSkdK09vvqDr0NzJWR4GIMwVD2h0dNDMoPbpFK EcVjTx2r37AIQOBYaC3wUgX1+ZZ5hDqZ908wpArCOkNbYcB44qUP8jPf7F+AR7fS Fu61U6YK2ObRyo2yhKdkRXSiG9eXVQ== =Dwgm -----END PGP SIGNATURE-----
