Your message dated Fri, 26 Sep 2008 13:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#499899: fixed in faad2 2.6.1-3.1
has caused the Debian Bug report #499899,
regarding fraad2: heap overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
499899: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: fraad2
Severity: grave
Tags: security, patch
Justification: user security hole
Hi

faad2 is affected by a heap overflow; please see the upstream
announcement[0] for more information. Also see the Gentoo security
bug for further information[1]. The upstream patch can be found here[2].
As soon as a CVE id is issued, I'll forward it to this bug report.

Cheers
Steffen

[0]: http://www.audiocoding.com/
[1]: http://bugs.gentoo.org/show_bug.cgi?id=238445
[2]: http://www.audiocoding.com/patch/main_overflow.diff
--- End Message ---
--- Begin Message ---
Source: faad2
Source-Version: 2.6.1-3.1
We believe that the bug you reported is fixed in the latest version of
faad2, which is due to be installed in the Debian FTP archive:

faad2_2.6.1-3.1.diff.gz
  to pool/main/f/faad2/faad2_2.6.1-3.1.diff.gz
faad2_2.6.1-3.1.dsc
  to pool/main/f/faad2/faad2_2.6.1-3.1.dsc
faad_2.6.1-3.1_i386.deb
  to pool/main/f/faad2/faad_2.6.1-3.1_i386.deb
libfaad-dev_2.6.1-3.1_i386.deb
  to pool/main/f/faad2/libfaad-dev_2.6.1-3.1_i386.deb
libfaad0_2.6.1-3.1_i386.deb
  to pool/main/f/faad2/libfaad0_2.6.1-3.1_i386.deb
libfaad2-0_2.6.1-3.1_all.deb
  to pool/main/f/faad2/libfaad2-0_2.6.1-3.1_all.deb

A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <[EMAIL PROTECTED]> (supplier of updated faad2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 26 Sep 2008 12:02:35 +0000
Source: faad2
Binary: libfaad0 libfaad2-0 libfaad-dev faad
Architecture: source all i386
Version: 2.6.1-3.1
Distribution: unstable
Urgency: high
Maintainer: Matthew W. S. Bell <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description:
faad - freeware Advanced Audio Decoder player
libfaad-dev - freeware Advanced Audio Decoder - development files
libfaad0 - freeware Advanced Audio Decoder - runtime files
libfaad2-0 - freeware Advanced Audio Decoder - dummy package
Closes: 499899
Changes:
faad2 (2.6.1-3.1) unstable; urgency=high
.
* Non-maintainer upload by the security team
* Include upstream patch to fix heap overflow in the frontend code
(Closes: #499899)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjc1K4ACgkQ62zWxYk/rQctUACgwb8mLDDlmr9CE8G4Nis1uanT
ESEAnj4WFwfEDY1wPUQ1LJub2maKbFm/
=NX4M
-----END PGP SIGNATURE-----
--- End Message ---