Debian Package Tracker

general

source: faad2 (source, libs)
version: 2.8.0~cvs20161113-1
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Reinhard Tartler [DMD] – Matthew W. S. Bell [DMD] – Fabian Greffrath [DMD]
arch: any
std-ver: 3.9.6
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.7-8
oldstable: 2.7-8
stable: 2.8.0~cvs20161113-1
testing: 2.8.0~cvs20161113-1
unstable: 2.8.0~cvs20161113-1

versioned links

2.7-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.0~cvs20161113-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

faad
faad2-dbg
libfaad-dev
libfaad2

action needed

11 security issues in sid

high

There are 11 open security issues in sid.

11 important issues:

CVE-2017-9253: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9257: The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9256: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9255: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9254: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9222: The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9223: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9220: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.
CVE-2017-9221: The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9219: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.
CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

Please fix them.

Created: 2017-06-28 Last update: 2017-06-29 07:19

11 security issues in wheezy

high

There are 11 open security issues in wheezy.

11 important issues:

CVE-2017-9253: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9257: The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9256: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9255: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9254: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9222: The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9223: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9220: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.
CVE-2017-9221: The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9219: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.
CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

Please fix them.

Created: 2017-06-28 Last update: 2017-06-29 07:19

11 security issues in buster

high

There are 11 open security issues in buster.

11 important issues:

CVE-2017-9253: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9257: The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9256: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9255: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9254: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9222: The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9223: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9220: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.
CVE-2017-9221: The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9219: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.
CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

Please fix them.

Created: 2017-06-28 Last update: 2017-06-29 07:19

11 security issues in jessie

high

There are 11 open security issues in jessie.

11 important issues:

CVE-2017-9253: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9257: The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9256: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9255: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9254: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9222: The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9223: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9220: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.
CVE-2017-9221: The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9219: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.
CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

Please fix them.

Created: 2017-06-28 Last update: 2017-06-29 07:19

11 security issues in stretch

high

There are 11 open security issues in stretch.

11 important issues:

CVE-2017-9253: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9257: The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9256: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9255: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9254: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9222: The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9223: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9220: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.
CVE-2017-9221: The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9219: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.
CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

Please fix them.

Created: 2017-06-28 Last update: 2017-06-29 07:19

A new upstream version is available: src/faad2-2.7/faad2-2.7

high

A new upstream version src/faad2-2.7/faad2-2.7 is available, you should consider packaging it.

Created: 2017-01-17 Last update: 2017-06-29 07:18

lintian reports 3 warnings

high

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-05 Last update: 2016-11-14 01:01

1 bug tagged patch in the BTS

normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2017-01-17 Last update: 2017-06-29 07:03

Standards version of the package is outdated.

wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 3.9.8 instead of 3.9.6).

Created: 2016-11-14 Last update: 2016-11-14 00:55

news

[rss feed]

[2016-11-19] faad2 2.8.0~cvs20161113-1 MIGRATED to testing (Debian testing watch)
[2016-11-13] Accepted faad2 2.8.0~cvs20161113-1 (source amd64) into unstable (Fabian Greffrath)
[2015-05-17] faad2 2.8.0~cvs20150510-1 MIGRATED to testing (Britney)
[2015-05-11] Accepted faad2 2.8.0~cvs20150510-1 (source amd64) into unstable (Fabian Greffrath)
[2015-05-06] faad2 2.7-9 MIGRATED to testing (Britney)
[2015-04-30] Accepted faad2 2.7-9 (source amd64) into unstable (Fabian Greffrath)
[2012-03-29] faad2 2.7-8 MIGRATED to testing (Debian testing watch)
[2012-03-18] Accepted faad2 2.7-8 (source amd64) (Andres Mejia)
[2011-08-24] faad2 2.7-7 MIGRATED to testing (Debian testing watch)
[2011-08-13] Accepted faad2 2.7-7 (source amd64) (Fabian Greffrath)
[2010-11-25] faad2 2.7-6 MIGRATED to testing (Debian testing watch)
[2010-11-23] Accepted faad2 2.7-6 (source amd64) (Andres Mejia)
[2010-11-20] Accepted faad2 2.7-5 (source amd64) (Fabian Greffrath)
[2009-11-08] faad2 2.7-4 MIGRATED to testing (Debian testing watch)
[2009-10-26] Accepted faad2 2.7-4 (source i386) (Fabian Greffrath)
[2009-10-18] faad2 2.7-2 MIGRATED to testing (Debian testing watch)
[2009-09-17] Accepted faad2 2.7-2 (source i386) (Reinhard Tartler)
[2009-06-09] Accepted faad2 2.7-1 (source i386) (Fabian Greffrath)
[2008-10-03] faad2 2.6.1-3.1 MIGRATED to testing (Debian testing watch)
[2008-09-26] Accepted faad2 2.6.1-3.1 (source all i386) (Steffen Joeris)
[2008-07-03] faad2 2.6.1-3 MIGRATED to testing (Debian testing watch)
[2008-06-22] Accepted faad2 2.6.1-3 (source all i386) (Matthew W. S. Bell) (signed by: Stuart Teasdale)
[2008-01-31] faad2 2.6.1-2 MIGRATED to testing (Debian testing watch)
[2008-01-20] Accepted faad2 2.6.1-2 (source all i386) (Matthew W. S. Bell) (signed by: Stuart Teasdale)
[2007-10-24] faad2 2.6-1 MIGRATED to testing (Debian testing watch)
[2007-10-21] Accepted faad2 2.6-1 (source i386 all) (Matthew W. S. Bell) (signed by: Stuart Teasdale)
[2007-09-12] faad2 2.5-5 MIGRATED to testing (Debian testing watch)
[2007-08-25] Accepted faad2 2.5-5 (source i386 all) (Matthew W. S. Bell) (signed by: Stuart Teasdale)
[2007-06-01] faad2 2.5-4 MIGRATED to testing (Debian testing watch)
[2007-05-20] Accepted faad2 2.5-4 (source i386 all) (Matthew W. S. Bell) (signed by: Stuart Teasdale)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0

links

homepage
lintian (0, 3)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.8.0~cvs20161113-1
5 bugs