Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
** Tags added: community-security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to faad2 in Ubuntu. https://bugs.launchpad.net/bugs/1970961 Title: Version in Bionic has multiple vulnerabilities Status in faad2 package in Ubuntu: New Bug description: The version in Bionic is vulnerable to all CVEs listed below. The version in Focal is vulnerable to CVE-2021-32272, CVE-2021-32273, CVE-2021-32274, CVE-2021-32276, CVE-2021-32277 and CVE-2021-32278. Debian released an advisory on March 27. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/faad2/+bug/1970961/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp