Change logs for faad2 source package in Xenial

faad2 (2.8.0~cvs20150510-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Various issues were discovered in faad2 that can
    cause DoS (large loop and CPU consumption) via a crafted mp4 file.
    - debian/patches/CVE-2017-92xx.patch: Fix multiple vulnerabilities.
    - CVE-2017-9218
    - CVE-2017-9219
    - CVE-2017-9220
    - CVE-2017-9221
    - CVE-2017-9222
    - CVE-2017-9223
    - CVE-2017-9253
    - CVE-2017-9254
    - CVE-2017-9255
    - CVE-2017-9256
    - CVE-2017-9257

 -- Eduardo Barretto <email address hidden>  Fri, 22 Feb 2019 08:22:51 -0300

faad2 (2.8.0~cvs20150510-1) unstable; urgency=medium

  * New upstream CVS snapshot.
    + Does not crash when given ADTS AAC file with large ID3v2 tag anymore,
      thanks Mike Crowe for the bug report and patch (Closes: #689712).
    + Does not crash with the Mayhem testcase anymore, thanks Alexandre Rebert
      for the bug report (Closes: #715882).
  * Add debian/README.source to document how the Debian source tarball was
    created and force xz compression in debian/gbp.conf.
  * Remove all patches that were either applied, solved differently or
    disapproved upstream:
    + autotools-compat.patch: Disapproved upstream.
    + noinst-mp4ff.patch: Applied upstream.
    + manpage.patch: Applied upstream.
    + incorrect_pointer_size.patch: Does not apply anymore.
    + bpa-stdin.patch: Applied upstream.
    + path_max.patch: Applied upstream.
    + fix_ftbfs_with_gcc4.5.patch: Disapproved upstream.
    + symbol-visibility.patch: Does not apply anymore.
    + libfaad-drm.patch: Applied upstream.
  * Ship upstream's own frontend and API documentation manpages.
  * Update Debian packaging copyright years.
  * Remove '__DATE__' CPP macro for reproducible builds.

 -- Fabian Greffrath <email address hidden>  Mon, 11 May 2015 13:59:49 +0200