[ubuntu/dapper-security] faad2 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Oct 6 22:56:07 BST 2008
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1) dapper-security; urgency=low
* SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
(frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
crafted MPEG-4 (MP4) file. (Closes LP: #277110)
* 11_CVE-2008-4201.diff
- Patch supplied by upstream modified slightly to patch cleanly
and address vulnerability.
* References
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4201
Date: Fri, 03 Oct 2008 10:55:41 +0200
Changed-By: Stefan Lesicnik <stefan at lsd.co.za>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/dapper/+source/faad2/2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1
-------------- next part --------------
Format: 1.7
Date: Fri, 03 Oct 2008 10:55:41 +0200
Source: faad2
Binary: bmp-mp4 faad libfaad2-0 libfaad2-dev libmp4v2-0 libmp4v2-dev xmms-mp4
Architecture: amd64 i386 ia64 powerpc source sparc
Version: 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1
Distribution: dapper-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Stefan Lesicnik <stefan at lsd.co.za>
Description:
bmp-mp4 - a mp4/aac audio player for bmp
faad - freeware Advanced Audio Decoder player
libfaad2-0 - freeware Advanced Audio Decoder - runtime files
libfaad2-dev - freeware Advanced Audio Decoder - development files
libmp4v2-0 - MP4 container library - runtime files
libmp4v2-dev - MP4 container library - development files
xmms-mp4 - a mp4/aac audio player for xmms
Changes:
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1) dapper-security; urgency=low
.
* SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
(frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
crafted MPEG-4 (MP4) file. (Closes LP: #277110)
* 11_CVE-2008-4201.diff
- Patch supplied by upstream modified slightly to patch cleanly
and address vulnerability.
* References
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4201
Files:
47e0aa65d75e8d4ce844a9e8330fa8f3 202990 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_amd64.deb
be68e5ff3e96bcd1710f735a2ae3333f 226346 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_amd64.deb
35b2cb996974c7af69dbddf469f45d75 222488 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_amd64.deb
7afd279f8b940eae8b485a93f5076a6f 349872 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_amd64.deb
ff37921ae9fa25e74f5b30ce5724a753 21392 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_amd64.deb
b7820f6989791b000721d90d3a71408e 31574 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_amd64.deb
671bc3d7e3ca896227265f843134c805 31438 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_amd64.deb
4fd35d9ddef87bf5a1490de569e34a64 198824 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_i386.deb
682a06652afd2ba785dcd2211ec1335a 213084 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_i386.deb
e66432c96c3fe41f812b9aa1083da8c5 214014 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_i386.deb
52fdab9f0c37d9f7616ef16e42eb34e9 299598 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_i386.deb
fc2d34af6ecb983970db0a1ab27cd037 19276 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_i386.deb
fc59049692c646d039e20b0649775970 28214 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_i386.deb
5d4df0e2bc3a073a8a0ebe75ba35c982 28152 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_i386.deb
af5e872cdd24fc27ed7fb163062d2d19 262534 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_ia64.deb
0364ef2da562b4c0f6617b6c86f8b5f3 293718 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_ia64.deb
58b55377d4e572e29e6fc522bd64cfa3 264932 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_ia64.deb
696d92d96c6ffa4c9a9e740e7564c3a0 478996 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_ia64.deb
d6547bb00cb6a4597dd2e055b1e86aee 28738 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_ia64.deb
b9b1e2a32d68ede248927e6b9aaf7221 39936 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_ia64.deb
67c7b72338795b222c19842b69c43b2f 39600 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_ia64.deb
26905f8b4d792146e29f7633fcc564c0 208708 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_powerpc.deb
9c731c6556acaabc93f2cfebebff0ef8 232468 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_powerpc.deb
6915d5c547494cd11d360c410b2c3913 222472 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_powerpc.deb
03f259dd12ed0d1a78874d72b10adb15 363102 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_powerpc.deb
4efb60503ab048ac31fbbe9e65b0aff9 22722 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_powerpc.deb
ff1fd76a958b0a62aa06757973d48a98 32954 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_powerpc.deb
829db20321dce5069efabebd889fad2b 32678 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_powerpc.deb
902ac38d56cb741016578d864cb00d56 865 libs optional faad2_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1.dsc
cd9c64a0f3fc8bf31cbf39f07801a1b2 6194 libs optional faad2_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1.diff.gz
6e80841f4861e55c43343569490bda9a 207998 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_sparc.deb
b355c9d9b1424de3836ac610f871b427 229156 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_sparc.deb
2001684f1b4005ee5620f63f681450ef 211202 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_sparc.deb
a35791c7ac3795659f80506a2c54a398 307716 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_sparc.deb
4466692658ae5cfad7349a34b949580b 19780 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_sparc.deb
9f539b5f8d1fc072b5341b65a733d6f1 30808 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_sparc.deb
ea32d38bd3f653cd1ea138fa408aabfb 30248 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1_sparc.deb
Original-Maintainer: Sebastian Dröge <mail at slomosnail.de>
More information about the dapper-changes
mailing list