Register | Log in

faad2

Choose email to subscribe with

general

source: faad2 (main)
version: 2.9.0-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Reinhard Tartler [DMD] – Matthew W. S. Bell [DMD] – Fabian Greffrath [DMD]
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.7-8+deb8u1
o-o-sec: 2.7-8+deb8u3
oldstable: 2.8.0~cvs20161113-1+deb9u1
old-sec: 2.8.0~cvs20161113-1+deb9u2
old-p-u: 2.8.0~cvs20161113-1+deb9u2
stable: 2.8.8-3
testing: 2.9.0-1
unstable: 2.9.0-1

versioned links

2.7-8+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7-8+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.0~cvs20161113-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.0~cvs20161113-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.8-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

faad (1 bugs: 0, 1, 0, 0)
libfaad-dev
libfaad2

action needed

4 security issues in buster high

There are 4 open security issues in buster.

1 important issue:

CVE-2018-20196: There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

3 issues skipped by the security teams:

CVE-2019-6956: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
CVE-2018-20199: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.
CVE-2018-20360: An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Please fix them.

Created: 2018-11-23 Last update: 2019-09-17 05:16

4 security issues in stretch high

There are 4 open security issues in stretch.

1 important issue:

CVE-2018-20196: There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

3 issues skipped by the security teams:

CVE-2019-6956: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
CVE-2018-20199: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.
CVE-2018-20360: An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Please fix them.

Created: 2018-11-23 Last update: 2019-09-17 05:16

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-09-19 13:31

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-19 Last update: 2019-09-13 04:05

news

[2019-09-17] Accepted faad2 2.8.0~cvs20161113-1+deb9u2 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hugo Lefeuvre)
[2019-09-17] faad2 2.9.0-1 MIGRATED to testing (Debian testing watch)
[2019-09-15] Accepted faad2 2.8.0~cvs20161113-1+deb9u2 (source amd64) into oldstable->embargoed, oldstable (Hugo Lefeuvre)
[2019-09-11] Accepted faad2 2.9.0-1 (source) into unstable (Fabian Greffrath)
[2019-09-03] faad2 2.8.8-3.2 MIGRATED to testing (Debian testing watch)
[2019-08-31] Accepted faad2 2.8.8-3.2 (source) into unstable (Hugo Lefeuvre)
[2019-08-28] Accepted faad2 2.7-8+deb8u3 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-08-28] Accepted faad2 2.8.8-3.1 (source) into unstable (Hugo Lefeuvre)
[2019-06-10] faad2 2.8.8-3 MIGRATED to testing (Debian testing watch)
[2019-06-07] Accepted faad2 2.8.8-3 (source) into unstable (Sebastian Ramacher)
[2019-05-19] Accepted faad2 2.7-8+deb8u2 (source amd64) into oldstable (Hugo Lefeuvre)
[2019-04-22] faad2 2.8.8-2 MIGRATED to testing (Debian testing watch)
[2019-04-17] Accepted faad2 2.8.8-2 (source amd64) into unstable (Fabian Greffrath)
[2018-05-07] Accepted faad2 2.7-8+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Markus Koschany)
[2018-05-07] Accepted faad2 2.8.0~cvs20161113-1+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Markus Koschany)
[2017-12-24] faad2 2.8.8-1 MIGRATED to testing (Debian testing watch)
[2017-12-18] Accepted faad2 2.8.8-1 (source amd64) into unstable (Fabian Greffrath)
[2017-11-12] faad2 2.8.6-1 MIGRATED to testing (Debian testing watch)
[2017-11-06] Accepted faad2 2.8.6-1 (source amd64) into unstable (Fabian Greffrath)
[2017-10-05] faad2 2.8.5-1 MIGRATED to testing (Debian testing watch)
[2017-09-30] Accepted faad2 2.8.5-1 (source amd64) into unstable (Fabian Greffrath)
[2017-08-30] Accepted faad2 2.7-8+deb7u1 (source amd64) into oldoldstable (Markus Koschany)
[2017-08-08] faad2 2.8.1-2 MIGRATED to testing (Debian testing watch)
[2017-08-02] Accepted faad2 2.8.1-2 (source amd64) into unstable (Fabian Greffrath)
[2017-07-17] Accepted faad2 2.8.1-1 (source amd64) into unstable (Fabian Greffrath)
[2016-11-19] faad2 2.8.0~cvs20161113-1 MIGRATED to testing (Debian testing watch)
[2016-11-13] Accepted faad2 2.8.0~cvs20161113-1 (source amd64) into unstable (Fabian Greffrath)
[2015-05-17] faad2 2.8.0~cvs20150510-1 MIGRATED to testing (Britney)
[2015-05-11] Accepted faad2 2.8.0~cvs20150510-1 (source amd64) into unstable (Fabian Greffrath)
[2015-05-06] faad2 2.7-9 MIGRATED to testing (Britney)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (0, 3)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.8.8-3.2
7 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing