[ubuntu/hardy-security] faad2 2.6.1-2ubuntu0.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Oct 6 22:56:47 BST 2008 

faad2 (2.6.1-2ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
    (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code via a
    crafted MPEG-4 (MP4) file. (Closes LP: #277110)
  * 12_heap_overflow.dpatch
    - Patch supplied by upstream to address vulnerability.
  * References
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
    http://www.audiocoding.com/patch/main_overflow.diff
    CVE-2008-4201

Date: Thu, 02 Oct 2008 16:26:26 +0200
Changed-By: Stefan Lesicnik <stefan at lsd.co.za>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/faad2/2.6.1-2ubuntu0.1
-------------- next part --------------
Format: 1.7
Date: Thu, 02 Oct 2008 16:26:26 +0200
Source: faad2
Binary: faad libfaad-dev libfaad0 libfaad2-0
Architecture: amd64 hppa all i386 ia64 lpia powerpc source sparc
Version: 2.6.1-2ubuntu0.1
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Stefan Lesicnik <stefan at lsd.co.za>
Description:
 faad       - freeware Advanced Audio Decoder player
 libfaad-dev - freeware Advanced Audio Decoder - development files
 libfaad0   - freeware Advanced Audio Decoder - runtime files
 libfaad2-0 - freeware Advanced Audio Decoder - dummy package
Changes:
 faad2 (2.6.1-2ubuntu0.1) hardy-security; urgency=low
 .
   * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
     (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
     a denial of service (crash) and possibly execute arbitrary code via a
     crafted MPEG-4 (MP4) file. (Closes LP: #277110)
   * 12_heap_overflow.dpatch
     - Patch supplied by upstream to address vulnerability.
   * References
     http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
     http://www.audiocoding.com/patch/main_overflow.diff
     CVE-2008-4201
Files:
 4cbbe7a28437f8ede52a8c7ceed911b1 167530 libs optional libfaad0_2.6.1-2ubuntu0.1_amd64.deb
 d504d723979e0abb1d11b5e466f7f5d6 207526 libdevel optional libfaad-dev_2.6.1-2ubuntu0.1_amd64.deb
 d87350f2780c39dd833b54cb3343a1df 29898 sound optional faad_2.6.1-2ubuntu0.1_amd64.deb
 72aa28b5a92532ccb75a5d4443f523c1 178564 libs optional libfaad0_2.6.1-2ubuntu0.1_hppa.deb
 558a1e4c569fcb9f7192bae7a62b3c7f 221738 libdevel optional libfaad-dev_2.6.1-2ubuntu0.1_hppa.deb
 0bcb8d93e9d17b6508fed329772bcf1e 34302 sound optional faad_2.6.1-2ubuntu0.1_hppa.deb
 8e66817e905ef99af211a0cc0a294003 5864 libs optional libfaad2-0_2.6.1-2ubuntu0.1_all.deb
 5fefe0de58a4d27bf81d44e4513a6ca8 167146 libs optional libfaad0_2.6.1-2ubuntu0.1_i386.deb
 2e6f3c2e15fc60b5aa2224dc3ccf36f6 205360 libdevel optional libfaad-dev_2.6.1-2ubuntu0.1_i386.deb
 e25862ccd919b7a7051b63152252a7d5 29682 sound optional faad_2.6.1-2ubuntu0.1_i386.deb
 16f3fcf11bb5f8ccffe64d0529a0a040 216806 libs optional libfaad0_2.6.1-2ubuntu0.1_ia64.deb
 87d26918d7930966ea321e65dfe11af0 266874 libdevel optional libfaad-dev_2.6.1-2ubuntu0.1_ia64.deb
 8581467c2b8cdcf5454a60e323cb43c4 39842 sound optional faad_2.6.1-2ubuntu0.1_ia64.deb
 a1851da9997898f84227731ea7838d2c 167922 libs optional libfaad0_2.6.1-2ubuntu0.1_lpia.deb
 1d0b07b46b60d29b845d681f581bca9f 204338 libdevel optional libfaad-dev_2.6.1-2ubuntu0.1_lpia.deb
 643d2fc5cd736df7342c39fa9a9c52d2 29508 sound optional faad_2.6.1-2ubuntu0.1_lpia.deb
 7eeb5aff8f728074a8fb857ff4c9d862 175066 libs optional libfaad0_2.6.1-2ubuntu0.1_powerpc.deb
 e153fa057805d3152c7130e861c8481b 210892 libdevel optional libfaad-dev_2.6.1-2ubuntu0.1_powerpc.deb
 05c221f85c962727335804b95605a490 34220 sound optional faad_2.6.1-2ubuntu0.1_powerpc.deb
 d78652c03e959c93dd057338d472d887 760 libs optional faad2_2.6.1-2ubuntu0.1.dsc
 d2f5c73c40d866d9304e5a7ab0af3609 356658 libs optional faad2_2.6.1-2ubuntu0.1.diff.gz
 80dc9d51e3a8cc4236112012af889013 173610 libs optional libfaad0_2.6.1-2ubuntu0.1_sparc.deb
 62b58a161e96926a4d66f5af85b923aa 211418 libdevel optional libfaad-dev_2.6.1-2ubuntu0.1_sparc.deb
 ec89e812063d0ef51d4d633c5cae7e50 29686 sound optional faad_2.6.1-2ubuntu0.1_sparc.deb
Launchpad-Bugs-Fixed: 277110
Original-Maintainer: Matthew W. S. Bell <matthew at bells23.org.uk>

More information about the Hardy-changes mailing list