Re: faad2_2.8.8-3.2_source.changes ACCEPTED into unstable

#930363). > > could you please push your changes into the team's GIT repo? sure, I have just requested access to the Debian Multimedia Team :) cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed2551

Bug#930363: faad2: fix build with gcc-9 [patch]

Hi Fabian, > Am Donnerstag, den 29.08.2019, 08:04 -0400 schrieb Hugo Lefeuvre: > > Fabian (faad2 maintainer and upstream), do you want to handle this? > > Otherwise I can NMU a second time with this patch. > > please go ahead with a second NMU. I am a bit short on time cu

Bug#930363: faad2: fix build with gcc-9 [patch]

ttps://launchpad.net/ubuntu/+source/faad2/2.8.8-3.1ubuntu1 > I rebased it with the upstream version Fabian (faad2 maintainer and upstream), do you want to handle this? Otherwise I can NMU a second time with this patch. cheers, Hugo -- Hugo Lefeuvre (hle)|

Bug#914641: faad2: CVE-2018-19502 CVE-2018-19503 CVE-2018-19504 CVE-2019-6956

Hi Fabian, > > Please let me know if you want me to change anything, otherwise I am > > waiting for your ack to upload. > > Please go ahead! OK, uploaded. > Is the list of closed CVEs complete? Yes, everything fixed in sid! cheers, Hugo --

Bug#914641: faad2: CVE-2018-19502 CVE-2018-19503 CVE-2018-19504 CVE-2019-6956

waiting for your ack to upload. regards, Hugo [0] https://github.com/knik0/faad2/pull/38 -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C diff -Nru faad2-2.8.8/debian

Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader

aged). Those new release effectively only > consists of the fixes for the recent CVEs. (Yes, I know that the freeze > already started.) Agree. I will look into it if I manage to find time for this. thanks regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 36

Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader

Hi, > Unless a CVE affects the client part of the library, I don't think it's > worth it. The client part is the only part used by reverse dependencies. What do you mean exactly with client part? The affected code is located in liveMedia/RTSPServer.cpp. regards, Hugo --

Bug#924656: liblivemedia: CVE-2019-7314: mishandling of RTSP stream termination causes use-after-free and crash

. regards, Hugo [0] https://security-tracker.debian.org/tracker/CVE-2019-7314 -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature

Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader

experimental via new upstream release 2019.02.27-1. This is a fairly severe issue so we should probably backport the patch to Buster as well. regards, Hugo [0] https://security-tracker.debian.org/tracker/CVE-2019-9215 -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B