Bug#889915: marked as done (libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.)

Debian Bug Tracking System Mon, 07 May 2018 04:33:41 -0700

Your message dated Mon, 07 May 2018 11:32:09 +0000
with message-id <[email protected]>
and subject line Bug#889915: fixed in faad2 2.8.0~cvs20161113-1+deb9u1
has caused the Debian Bug report #889915,
regarding libfaad2 in Wheezy contains patches for some security bugs. They were 
not backported to Jessie.
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
889915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889915
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libfaad2
Version: 2.7-8
Severity: normal

Dear Maintainer,

Libfaad2 in Wheezy contains some security patches. But the patches were not
backported to Jessie.



-- System Information:
Debian Release: 8.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: i386 (i586)

Kernel: Linux 4.14.16 (PREEMPT)
Locale: LANG=cs_CZ, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libfaad2 depends on:
ii  libc6              2.19-18+deb8u10
ii  multiarch-support  2.19-18+deb8u10

libfaad2 recommends no packages.

libfaad2 suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: faad2
Source-Version: 2.8.0~cvs20161113-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
faad2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated faad2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 May 2018 17:49:02 +0200
Source: faad2
Binary: faad faad2-dbg libfaad-dev libfaad2
Architecture: source amd64
Version: 2.8.0~cvs20161113-1+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Debian Multimedia Maintainers 
<[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
 faad       - freeware Advanced Audio Decoder player
 faad2-dbg  - freeware Advanced Audio Decoder - debugging symbols
 libfaad-dev - freeware Advanced Audio Decoder - development files
 libfaad2   - freeware Advanced Audio Decoder - runtime files
Closes: 889915
Changes:
 faad2 (2.8.0~cvs20161113-1+deb9u1) stretch; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
     CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255,
     CVE-2017-9256, CVE-2017-9257.
     Various issues were discovered in faad2, a fast audio decoder, that could
     cause a denial of service (large loop and CPU consumption) via a crafted
     mp4 file. (Closes: #889915)
Checksums-Sha1:
 60045cd562096a31ad47cd417cce0b585ffa4b61 2414 
faad2_2.8.0~cvs20161113-1+deb9u1.dsc
 db6423f4e85349e0111aeb24724d160ab1e5b54d 17832 
faad2_2.8.0~cvs20161113-1+deb9u1.debian.tar.xz
 6f3ad0b2c137ae50bce01d46c1cb5d1ab96b7bcb 504446 
faad2-dbg_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 11eaccc37a70c36969808b1d7d0e32ea12901324 6917 
faad2_2.8.0~cvs20161113-1+deb9u1_amd64.buildinfo
 1643fb9be522c6e4e2b0dcadd20f0b60a6874621 38584 
faad_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 5736d1137455a414f595d8bb7f51bdcfd142b573 182670 
libfaad-dev_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 d7fb4765e64987f90d02a044c38a297466677933 167128 
libfaad2_2.8.0~cvs20161113-1+deb9u1_amd64.deb
Checksums-Sha256:
 55f30bfc708b26107ce4c66759366cb3cc325e8b3dc12911729d7cafaf19f26d 2414 
faad2_2.8.0~cvs20161113-1+deb9u1.dsc
 56580e3420a1ae2f103fc542e4a4ea46e229828a852f874823755fbfc033626b 17832 
faad2_2.8.0~cvs20161113-1+deb9u1.debian.tar.xz
 74f74ad2e694c593aaead02848e92360d07e670aa0df762df68ecc4d46fd4cf4 504446 
faad2-dbg_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 41d00c67e0e9c7f0905b73e603fd28831f57e68874e974a41a7950155fca581d 6917 
faad2_2.8.0~cvs20161113-1+deb9u1_amd64.buildinfo
 ad8286cad1bab2d4db7862a5c9133d78ebef45c40460e22cee40ac87a5e8ee9b 38584 
faad_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 b8f19dc1698ad78b1f0b847e548729810d1fd684bf545b402b69acdffb76e9f1 182670 
libfaad-dev_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 cf16b2e939d0dded2d13c8c57ebc12997b283dfaabb073914471234f6eb4c254 167128 
libfaad2_2.8.0~cvs20161113-1+deb9u1_amd64.deb
Files:
 d30ffe94a5af246fc9b8816c088f79ca 2414 libs optional 
faad2_2.8.0~cvs20161113-1+deb9u1.dsc
 9b28daf5c71fdd42cdf7c9e13ace82a7 17832 libs optional 
faad2_2.8.0~cvs20161113-1+deb9u1.debian.tar.xz
 e4fce44a27c1f4bd1c56086fdf9363fc 504446 debug extra 
faad2-dbg_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 265408b39692b1e902cfe549f564b980 6917 libs optional 
faad2_2.8.0~cvs20161113-1+deb9u1_amd64.buildinfo
 2d8431119e8bc2e9b378d50ed18f2368 38584 sound optional 
faad_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 3042c55f1d26477512a15734858196dc 182670 libdevel optional 
libfaad-dev_2.8.0~cvs20161113-1+deb9u1_amd64.deb
 eea637e5a699f8fb48d9f4c4da1c4178 167128 libs optional 
libfaad2_2.8.0~cvs20161113-1+deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrokapfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkhIUP/0g/m/yJSUuDsV5iprUlyPkTFVBe1mqvAh0z
RP6wkDXLJ0VcRe+wFWTatE1glwfMOyjCgyK7/VzF32q4muL6lPvkXFrpnQOY9fQk
3xXfaY6lBMZKDXZAN8uooEcNxk2XX7EJrfmBnxl1rnZ/9dSamQdk/iu1LZ3iV3LB
JSv44EyG7kbDye/GojkbdEuI07zEhkkKwuYjEc8ww7UssyCUWm4u+bEQk4nO+day
sXsqv9uJT1PweRQMXbGLl+mIOfultaPDK5sWwb8YH1PE8gOznO75hYjIY75lu8lo
a0K1X/FxeTRoLDsFzsZ0B9K/qk62mEi/rshvnpHkc3CiyBRuKT+VAOaHKQI3lf74
Bh3pHNKVuQZn+sM93Fhtp46cnRO9f14val0YknQay6NzPvr5x+6Dncr0iz0o7qtn
mtReHryrEqxFeOLDvpxHFBn/Ymu6vky1OtAf40lb697DsfaQ0H00LLw524CzEIXT
QyyjPDraSRH95uOvCsr3/19vSausxymmJgMdVtViq8YgVZSXiKpPvkM5yq7kKw0c
e8vDauy4mZCLFx34KLSfTbJ7Kh53I2CZ6aVp3k1wpOTMLZKYdy5WLjMxBnXnW+il
PHoXkpGLHohy6nuk8wJZX+pyP6Gb/YTUevvQ+aJ+E7IpAlsqOGaetAk+jwOsBnNq
AP38tJKV
=aAXi
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
pkg-multimedia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#889915: marked as done (libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.)

Reply via email to