[Git][security-tracker-team/security-tracker][master] faad2 issues fixed in 2.8.8-3.1

[Hugo Lefeuvre]

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0da91b2b by Hugo Lefeuvre at 2019-08-28T15:54:05Z
faad2 issues fixed in 2.8.8-3.1

see #914641

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25538,7 +25538,7 @@ CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Vi
 CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
 	NOT-FOR-US: Bosch
 CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
-	- faad2 <unfixed> (bug #914641)
+	- faad2 2.8.8-3.1 (bug #914641)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/faac/bugs/240/
@@ -34857,7 +34857,7 @@ CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_a
 	NOTE: https://github.com/knik0/faad2/issues/30
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
 CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...)
-	- faad2 <unfixed> (low)
+	- faad2 2.8.8-3.1 (low)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/32
@@ -35462,7 +35462,7 @@ CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12
 	NOTE: https://github.com/square/okhttp/issues/4967
 	NOTE: No practicable security imapacting relevance
 CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
-	- faad2 <unfixed> (low)
+	- faad2 2.8.8-3.1 (low)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/24
@@ -35481,7 +35481,7 @@ CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of
 	NOTE: very similar to CVE-2018-20194, same fix:
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
 CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
-	- faad2 <unfixed>
+	- faad2 2.8.8-3.1
 	NOTE: https://github.com/knik0/faad2/issues/19
 	NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
 CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0da91b2b337efeb86901ab24df9a4d319003fe61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0da91b2b337efeb86901ab24df9a4d319003fe61
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190828/d3e1a8e8/attachment-0001.html>