[Git][security-tracker-team/security-tracker][master] faad2 issues fixed in 2.8.8-3.1
Hugo Lefeuvre
hle at debian.org
Wed Aug 28 16:54:25 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0da91b2b by Hugo Lefeuvre at 2019-08-28T15:54:05Z
faad2 issues fixed in 2.8.8-3.1
see #914641
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25538,7 +25538,7 @@ CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Vi
CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
NOT-FOR-US: Bosch
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- - faad2 <unfixed> (bug #914641)
+ - faad2 2.8.8-3.1 (bug #914641)
[buster] - faad2 <no-dsa> (Minor issue)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/faac/bugs/240/
@@ -34857,7 +34857,7 @@ CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_a
NOTE: https://github.com/knik0/faad2/issues/30
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...)
- - faad2 <unfixed> (low)
+ - faad2 2.8.8-3.1 (low)
[buster] - faad2 <no-dsa> (Minor issue)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/32
@@ -35462,7 +35462,7 @@ CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12
NOTE: https://github.com/square/okhttp/issues/4967
NOTE: No practicable security imapacting relevance
CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
- - faad2 <unfixed> (low)
+ - faad2 2.8.8-3.1 (low)
[buster] - faad2 <no-dsa> (Minor issue)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/24
@@ -35481,7 +35481,7 @@ CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of
NOTE: very similar to CVE-2018-20194, same fix:
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
- - faad2 <unfixed>
+ - faad2 2.8.8-3.1
NOTE: https://github.com/knik0/faad2/issues/19
NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0da91b2b337efeb86901ab24df9a4d319003fe61
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0da91b2b337efeb86901ab24df9a4d319003fe61
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190828/d3e1a8e8/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list