[SECURITY] [DLA 2792-1] faad2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2792-1] faad2 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 24 Oct 2021 15:38:44 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2110241534150.13389@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2792-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 24, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : faad2
Version        : 2.8.0~cvs20161113-1+deb9u3
CVE ID         : CVE-2018-20199 CVE-2018-20360 CVE-2019-6956
                 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277
                 CVE-2021-32278

Several issues have been found in faad2, a freeware Advanced Audio Decoderplayer. They are related to heap buffer overflows or null pointerdereferences, which both might allow an attacker to execute code byproviding crafted files.



For Debian 9 stretch, these problems have been fixed in version
2.8.0~cvs20161113-1+deb9u3.

We recommend that you upgrade your faad2 packages.

For the detailed security status of faad2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/faad2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmF1fgRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeIlQ/+NSBPO0SIAPy6zHAbvV1CbzQZ+RfUda2RH7wePhDLs6NTz9i+Qmd0oYGH
Hf5j/quN/J2yHSxqG6b67ma6axaJtRGTlbpoE55g1Ncbrh3ngpuXFEq99yn567Ce
xEWJloZWXtdRrOWd9P7LdZxmwGSw56W9MFBfLAWF6NSa+CXJ6ZyfeAKdxo91AUHv
x+M/vGcJHR/70jvuEd7S1zr6NnY8oiHNsMBdjx5O6M9g5lLDuOktRGFuk74TW4dP
IsZLAL3aie+sR/181w2HF2Zo80DRwA96uEvUn5utKt/bab6N19Q0fqMkZRk42GTg
MF7BzxhB7V7avnFY4DE8e8h8S1blmcRyYQoIsu68HzZu/wwzW6aK1b4YPLiZJtMs
bhnpETjvVIPlkAntEV0PkSOoc2AMk+GtFzg6r8u5fm18geeENGU1dRXxaUkcuuqs
7JbJtZ/Ze6XaIMJmwnGoY+fsjuN/OyI4RBz3encLOraGHdi/xhe7uYZkqkbTXSUg
SZBUtA2DSS6n4u0xcX4RycHOgUxFlnVrKCnzDULhTB9tqtxp4t4zK43BlgX+APze
NMjtK/NdE4AvNigmQJQZWxIvr+4vGuTnKMFpHnLfmNgQdTU/vdJZ3KtzfKkRYgl2
S0/rqBGx980rCBPjdmrJb+6DPn3fJIDh7vdghWLqXI6lP0m9y6A=
=ogal
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2791-1] mailman security update
Next by Date: [SECURITY] [DLA 2794-1] php7.0 security update
Previous by thread: [SECURITY] [DLA 2791-1] mailman security update
Next by thread: [SECURITY] [DLA 2794-1] php7.0 security update
Index(es):
- Date
- Thread