-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Sep 2019 18:52:19 +0200
Source: faad2
Binary: faad faad2-dbg libfaad-dev libfaad2
Architecture: source amd64
Version: 2.8.0~cvs20161113-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Hugo Lefeuvre <hle@debian.org>
Description:
 faad - freeware Advanced Audio Decoder player
 faad2-dbg - freeware Advanced Audio Decoder - debugging symbols
 libfaad-dev - freeware Advanced Audio Decoder - development files
 libfaad2 - freeware Advanced Audio Decoder - runtime files
Closes: 914641
Changes:
 faad2 (2.8.0~cvs20161113-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2018-20357, CVE-2018-20359, CVE-2018-20197, CVE-2018-20194,
     CVE-2018-19503, CVE-2018-20361: multiple memory corruption
     vulnerabilities caused by insufficiently sanitized frequency band
     borders.
   * CVE-2018-20358, CVE-2018-20362, CVE-2018-19504, CVE-2018-20195,
     CVE-2018-20198: multiple memory corruption vulnerabilities caused by
     syntax element inconsistencies (implicit channel mapping
     reconfiguration).
   * CVE-2019-15296: buffer overflow in faad_resetbits.
   * CVE-2018-19502: heap based buffer overflow in excluded_channels
     (libfaad/syntax.c) (Closes: #914641).