[ubuntu/feisty-security] faad2 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Oct 6 22:55:15 BST 2008
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1) feisty-security; urgency=low
* SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
(frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
crafted MPEG-4 (MP4) file. (Closes LP: #277110)
* 11_CVE-2008-4201.diff
- Patch supplied by upstream modified slightly to patch cleanly
and address vulnerability.
* References
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4201
Date: Fri, 03 Oct 2008 10:55:41 +0200
Changed-By: Stefan Lesicnik <stefan at lsd.co.za>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/feisty/+source/faad2/2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1
-------------- next part --------------
Format: 1.7
Date: Fri, 03 Oct 2008 10:55:41 +0200
Source: faad2
Binary: bmp-mp4 faad libfaad2-0 libfaad2-dev libmp4v2-0 libmp4v2-dev xmms-mp4
Architecture: amd64 i386 ia64 powerpc source sparc
Version: 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Stefan Lesicnik <stefan at lsd.co.za>
Description:
bmp-mp4 - a mp4/aac audio player for bmp
faad - freeware Advanced Audio Decoder player
libfaad2-0 - freeware Advanced Audio Decoder - runtime files
libfaad2-dev - freeware Advanced Audio Decoder - development files
libmp4v2-0 - MP4 container library - runtime files
libmp4v2-dev - MP4 container library - development files
xmms-mp4 - a mp4/aac audio player for xmms
Changes:
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1) feisty-security; urgency=low
.
* SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
(frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
crafted MPEG-4 (MP4) file. (Closes LP: #277110)
* 11_CVE-2008-4201.diff
- Patch supplied by upstream modified slightly to patch cleanly
and address vulnerability.
* References
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4201
Files:
64ce04e3cdd1deec6338dc5623deeb0c 199992 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_amd64.deb
a513379dc7d20f07091dab43c53dd602 220680 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_amd64.deb
1e1e1dda182884bbb3068cd9242a1d87 235084 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_amd64.deb
da9ab3fb3af7c232afe35719a4ff8758 352256 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_amd64.deb
8579f96e20400afa260ac81e2168f7d0 21218 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_amd64.deb
ab90d99fc4c1fd6ebb0ebc8b7e6d6845 31658 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_amd64.deb
e7cb75001002094aca315e9f1a86f8c5 31580 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_amd64.deb
e9c5b97058e8318ba07699def94fe55a 201384 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_i386.deb
3064578edf9f812b5ca61ce29fbf9452 210642 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_i386.deb
33523d3c513ce222b9a9411b29e53230 232438 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_i386.deb
e11d545ce978ac77df38583d178072b7 311832 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_i386.deb
85b63570f5dc945cdb8e50022ce9b84f 19896 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_i386.deb
370a5df7dda7a7d545f9a43baa5251d3 29294 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_i386.deb
e2eba322f0e625d98546a9ead426b306 29326 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_i386.deb
8848d80bdfd522a15718175009ddbe82 257436 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_ia64.deb
90f4006a81a9e1e3246105c7fd52ae5d 285372 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_ia64.deb
65afe440b4e822afc154fa066d12a3d1 277924 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_ia64.deb
38c24a09bb7c33e5b63f529cfbd4bdf9 484028 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_ia64.deb
7e366de11b135950a837e5c871f69ef3 28318 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_ia64.deb
d5a4eed549fbb312ed64be279e1639b1 39772 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_ia64.deb
140db61606957cdf226523659d5941b0 39408 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_ia64.deb
9c4beefd7580a0a2d82bd18ed01a077e 211400 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_powerpc.deb
660c807bbcd41a355ac153502ac5de61 226300 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_powerpc.deb
e1e2afe985f6c7c8cf09a0997f983ff6 251356 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_powerpc.deb
cd7df633367ff65035011d008754531c 368284 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_powerpc.deb
11edeed3c5f9ed33e33dd99771c6cb6c 24108 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_powerpc.deb
e8407a6632450ee4bd1a491d805fef3d 34814 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_powerpc.deb
4373b62815c599fcb04b4b092f0da15b 34462 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_powerpc.deb
208d500675c7fae423231a7c2e0adcc5 865 libs optional faad2_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1.dsc
2975703ca9b3bcf0c74f77d8deb537a4 6200 libs optional faad2_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1.diff.gz
1b35d690f7e19423adcfd5dd58d3e90b 205910 libs optional libfaad2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_sparc.deb
db61bc2d704153cee8b1a9054cd51aec 222786 libdevel optional libfaad2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_sparc.deb
3efb9cdec7890a2e7acf8486a8e4824d 232120 libs optional libmp4v2-0_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_sparc.deb
28a892329dc901c9e2c3b73b83809c6b 312610 libdevel optional libmp4v2-dev_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_sparc.deb
27f058c4ef1066d4e1d6ebc5034a2a1c 20368 sound optional faad_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_sparc.deb
028be4493911743b957d160e3160595c 30986 sound optional xmms-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_sparc.deb
42d1b33377803db1bcf4a0306d1989d2 30692 sound optional bmp-mp4_2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1_sparc.deb
Launchpad-Bugs-Fixed: 277110
Original-Maintainer: Sebastian Dröge <mail at slomosnail.de>
More information about the feisty-changes
mailing list