faad2_2.8.0~cvs20161113-1+deb9u2_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Sep 17 12:02:35 BST 2019
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Sep 2019 18:52:19 +0200
Source: faad2
Binary: faad faad2-dbg libfaad-dev libfaad2
Architecture: source amd64
Version: 2.8.0~cvs20161113-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>
Changed-By: Hugo Lefeuvre <hle at debian.org>
Description:
faad - freeware Advanced Audio Decoder player
faad2-dbg - freeware Advanced Audio Decoder - debugging symbols
libfaad-dev - freeware Advanced Audio Decoder - development files
libfaad2 - freeware Advanced Audio Decoder - runtime files
Closes: 914641
Changes:
faad2 (2.8.0~cvs20161113-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-20357, CVE-2018-20359, CVE-2018-20197, CVE-2018-20194,
CVE-2018-19503, CVE-2018-20361: multiple memory corruption vulnerabilities
caused by insufficiently sanitized frequency band borders.
* CVE-2018-20358, CVE-2018-20362, CVE-2018-19504, CVE-2018-20195,
CVE-2018-20198: multiple memory corruption vulnerabilities caused by syntax
element inconsistencies (implicit channel mapping reconfiguration).
* CVE-2019-15296: buffer overflow in faad_resetbits.
* CVE-2018-19502: heap based buffer overfow in excluded_channels
(libfaad/syntax.c) (Closes: #914641).
Checksums-Sha1:
b28902b110ce860c9157990e11823370ed312d8a 2089 faad2_2.8.0~cvs20161113-1+deb9u2.dsc
847e7ed97108e26e226943e7d0a6d3ea8e488134 514680 faad2_2.8.0~cvs20161113.orig.tar.xz
ec72760c3a51301c3856d73a6e8eef2259bdc320 20028 faad2_2.8.0~cvs20161113-1+deb9u2.debian.tar.xz
5a11c0dd7268f3cda885c22b4b3c177699e22b8c 504518 faad2-dbg_2.8.0~cvs20161113-1+deb9u2_amd64.deb
aa50bd84e4da5b091a80a27908b88f62d67407a5 6599 faad2_2.8.0~cvs20161113-1+deb9u2_amd64.buildinfo
88239931302f9996ad1e964bb766a5f3f78e3977 38856 faad_2.8.0~cvs20161113-1+deb9u2_amd64.deb
0685535056e11ee7868bc6ff46dddf49312387d7 183002 libfaad-dev_2.8.0~cvs20161113-1+deb9u2_amd64.deb
2d92c723e6669596454cec21c2f9b2a23eb864d3 167612 libfaad2_2.8.0~cvs20161113-1+deb9u2_amd64.deb
Checksums-Sha256:
30f8c2f18fcb72c69453d95215db457816c313c05b0b76e096206dce90a27913 2089 faad2_2.8.0~cvs20161113-1+deb9u2.dsc
de34bce327eac8a89cd58b7d44dfb58988033de6fda0ab9582ed0585fc3fd07e 514680 faad2_2.8.0~cvs20161113.orig.tar.xz
30544dbfb514d347846e02483074c7a8c1595bd10bd12f99bb1f3c48670c1bf3 20028 faad2_2.8.0~cvs20161113-1+deb9u2.debian.tar.xz
1a85775f9c880bdb63142915234a421ff7dc041642ed2673e3edc4ecddceaeff 504518 faad2-dbg_2.8.0~cvs20161113-1+deb9u2_amd64.deb
6877c0a49a4c5058d76fea41a5426980f271eb3da703c9f12126114c05a4b1ed 6599 faad2_2.8.0~cvs20161113-1+deb9u2_amd64.buildinfo
810a15e0d973b0bffe5a62791a49a430b6466a1b44575284a998a84c36ae7db7 38856 faad_2.8.0~cvs20161113-1+deb9u2_amd64.deb
b725cb0e79c0abdd0e2c388f4dab0703bf4d2e115c1f7bc5e1c74b86389ee126 183002 libfaad-dev_2.8.0~cvs20161113-1+deb9u2_amd64.deb
3599e04124569c727728059babf065a72acf45bde32f4183dc3a972e57dc23eb 167612 libfaad2_2.8.0~cvs20161113-1+deb9u2_amd64.deb
Files:
cf3efb1176116c2603c455be044b42c2 2089 libs optional faad2_2.8.0~cvs20161113-1+deb9u2.dsc
bceecaced180cdeb9f73d7d04967ce46 514680 libs optional faad2_2.8.0~cvs20161113.orig.tar.xz
f8c3046409c156cc450b14d3fed45968 20028 libs optional faad2_2.8.0~cvs20161113-1+deb9u2.debian.tar.xz
52923116b30104c7e545bbe12f7a0442 504518 debug extra faad2-dbg_2.8.0~cvs20161113-1+deb9u2_amd64.deb
b772ecc0f442d2950481885bae1cc355 6599 libs optional faad2_2.8.0~cvs20161113-1+deb9u2_amd64.buildinfo
165a25ea9a94731137f77500657b0eed 38856 sound optional faad_2.8.0~cvs20161113-1+deb9u2_amd64.deb
2c66a1b4fbbf1f277db23b20cc83da0f 183002 libdevel optional libfaad-dev_2.8.0~cvs20161113-1+deb9u2_amd64.deb
90384d4f9b97ddf3798dc2e457ecc487 167612 libs optional libfaad2_2.8.0~cvs20161113-1+deb9u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl17xakACgkQEeMFjl5E
GkJCagv8DZekcn4bkrWtHXZ821iuwWfvXiuDLqzE3rMQtTEv1RUCbA5ZJyP7zepa
bl6dRTEWaZjaC6EHg53jxKEUGeHQBNDcYY9F+sfej6pQa8ckzv8/ziLgxSwned7R
uZSaDNLPWA6nhrETFFddtSDnQYv/rasYwjy5t2C/aXfoRq2KJwPLVKTig5DxwoMQ
+tOpU+EJcjTgHqBNJW+UVzBdO3hJM0ENOWUN73kWczEfXetjp1D75dZmQ4bJtHFr
hF+3AlN+e7ktStX3BZDJ1YOQK0YsikHj62oLGSF/eWxBTwX3iH1tEAMuo+NQCYJy
uCxaAKKDWzyBgiOJZmWXzFQyzQwTI1MB2yaz0/m5Xsbf0XGCpxqQvzFV1/A8GZCD
8yhzjVWcdTVGP+wMVg0REZh9YFfjMRvgvu0mW+m+elPNdXMbWJ5T0OpPyaCcY7lI
11bWDUJctwsv/vO21hze6nkSKWq30FboELg7stugXD/XXdhmVcme011QP5MPhwFn
vyI4qKdJ
=S5XT
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-multimedia-maintainers
mailing list