Register | Log in

faad2

Choose email to subscribe with

general

source: faad2 (main)
version: 2.10.0-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Matthew W. S. Bell [DMD] – Fabian Greffrath [DMD] – Reinhard Tartler [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.7-8+deb8u1
o-o-sec: 2.7-8+deb8u3
oldstable: 2.8.0~cvs20161113-1+deb9u2
old-sec: 2.8.0~cvs20161113-1+deb9u2
stable: 2.8.8-3
testing: 2.10.0-1
unstable: 2.10.0-1

versioned links

2.7-8+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7-8+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.0~cvs20161113-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.8-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

faad (1 bugs: 0, 1, 0, 0)
libfaad-dev
libfaad2

action needed

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-10-19 Last update: 2020-10-28 11:30

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-10-27 Last update: 2020-10-28 09:07

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2018-20196: There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
CVE-2018-20199: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.
CVE-2018-20360: An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-2019-6956: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

Please fix them.

Created: 2018-11-23 Last update: 2020-10-26 04:31

4 ignored security issues in buster low

There are 4 open security issues in buster.

4 issues skipped by the security teams:

CVE-2018-20196: There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
CVE-2018-20199: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.
CVE-2018-20360: An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-2019-6956: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

Please fix them.

Created: 2018-11-23 Last update: 2020-10-26 04:31

news

[2020-10-26] faad2 2.10.0-1 MIGRATED to testing (Debian testing watch)
[2020-10-20] Accepted faad2 2.10.0-1 (source) into unstable (Fabian Greffrath)
[2020-05-10] faad2 2.9.2-1 MIGRATED to testing (Debian testing watch)
[2020-05-04] Accepted faad2 2.9.2-1 (source) into unstable (Fabian Greffrath)
[2019-11-10] faad2 2.9.1-1 MIGRATED to testing (Debian testing watch)
[2019-11-04] Accepted faad2 2.9.1-1 (source) into unstable (Fabian Greffrath)
[2019-09-17] Accepted faad2 2.8.0~cvs20161113-1+deb9u2 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hugo Lefeuvre)
[2019-09-17] faad2 2.9.0-1 MIGRATED to testing (Debian testing watch)
[2019-09-15] Accepted faad2 2.8.0~cvs20161113-1+deb9u2 (source amd64) into oldstable->embargoed, oldstable (Hugo Lefeuvre)
[2019-09-11] Accepted faad2 2.9.0-1 (source) into unstable (Fabian Greffrath)
[2019-09-03] faad2 2.8.8-3.2 MIGRATED to testing (Debian testing watch)
[2019-08-31] Accepted faad2 2.8.8-3.2 (source) into unstable (Hugo Lefeuvre)
[2019-08-28] Accepted faad2 2.7-8+deb8u3 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-08-28] Accepted faad2 2.8.8-3.1 (source) into unstable (Hugo Lefeuvre)
[2019-06-10] faad2 2.8.8-3 MIGRATED to testing (Debian testing watch)
[2019-06-07] Accepted faad2 2.8.8-3 (source) into unstable (Sebastian Ramacher)
[2019-05-19] Accepted faad2 2.7-8+deb8u2 (source amd64) into oldstable (Hugo Lefeuvre)
[2019-04-22] faad2 2.8.8-2 MIGRATED to testing (Debian testing watch)
[2019-04-17] Accepted faad2 2.8.8-2 (source amd64) into unstable (Fabian Greffrath)
[2018-05-07] Accepted faad2 2.7-8+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Markus Koschany)
[2018-05-07] Accepted faad2 2.8.0~cvs20161113-1+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Markus Koschany)
[2017-12-24] faad2 2.8.8-1 MIGRATED to testing (Debian testing watch)
[2017-12-18] Accepted faad2 2.8.8-1 (source amd64) into unstable (Fabian Greffrath)
[2017-11-12] faad2 2.8.6-1 MIGRATED to testing (Debian testing watch)
[2017-11-06] Accepted faad2 2.8.6-1 (source amd64) into unstable (Fabian Greffrath)
[2017-10-05] faad2 2.8.5-1 MIGRATED to testing (Debian testing watch)
[2017-09-30] Accepted faad2 2.8.5-1 (source amd64) into unstable (Fabian Greffrath)
[2017-08-30] Accepted faad2 2.7-8+deb7u1 (source amd64) into oldoldstable (Markus Koschany)
[2017-08-08] faad2 2.8.1-2 MIGRATED to testing (Debian testing watch)
[2017-08-02] Accepted faad2 2.8.1-2 (source amd64) into unstable (Fabian Greffrath)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 1

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.9.2-1
8 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing