libde265 (1.0.11-1+deb12u2) bookworm; urgency=medium

  * Non-maintainer upload by the LTS Team. (Closes: #1059275)
  * CVE-2023-49465
    heap-buffer-overflow in derive_spatial_luma_vector_prediction()
  * CVE-2023-49467
    heap-buffer-overflow in
    derive_combined_bipredictive_merging_candidates()
  * CVE-2023-49468
    global buffer overflow in read_coding_unit()

 -- Thorsten Alteholz <debian@alteholz.de>  Fri, 29 Dec 2023 23:03:02 +0100

libde265 (1.0.11-1+deb12u1) bookworm; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2023-27102 (Closes: #1033257)
    fix segmentation violation in the function
    decoder_context::process_slice_segment_header
  * CVE-2023-27103
    fix heap buffer overflow in the function
    derive_collocated_motion_vectors
  * CVE-2023-43887
    fix buffer over-read in pic_parameter_set::dump
  * CVE-2023-47471 (Closes: #1056187)
    fix buffer overflow in the slice_segment_header function

 -- Thorsten Alteholz <debian@alteholz.de>  Sun, 26 Nov 2023 13:03:02 +0100

libde265 (1.0.11-1) unstable; urgency=medium

  [ Tobias Frost ]
  * Make my patch less noisy.

  [ Joachim Bauch ]
  * New upstream version 1.0.11
  * Unpackaged upstream version 1.0.10 fixes the following CVEs, most
    caused by the same underlying issue:
    CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597,
    CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601,
    CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605,
    CVE-2020-21606, CVE-2022-1253, CVE-2022-43236, CVE-2022-43237,
    CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241,
    CVE-2022-43242, CVE-2022-43243, CVE-2022-43244, CVE-2022-43245,
    CVE-2022-43248, CVE-2022-43249, CVE-2022-43250, CVE-2022-43252,
    CVE-2022-43253, CVE-2022-47655
  * Remove patch applied upstream.
  * Update patches for new upstream version.
  * Remove copyright entry for file no longer present in upstream.
  * Update symbols for new upstream version.
  * Bump "Standards-Version" to 4.6.2

 -- Joachim Bauch <bauch@struktur.de>  Thu, 02 Feb 2023 16:06:20 +0100

libde265 (1.0.9-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Apply patches to mitigate asan failures:
    reject_reference_pics_from_different_sps.patch and
    use_sps_from_the_image.patch.
  * Combined, these two patches fix:
    - CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816)
    - CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238,
      CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242,
      CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179)
    - CVE-2022-47655
  * Additional patch recycle_sps_if_possible.patch to avoid over-rejecting
    valid video streams due to
    reject_reference_pics_from_different_sps.patch.
  * Modifying past changelog entries to indicate when vulnerabilities
    were fixed:
    - In 1.0.9-1, in total 11 CVEs. See #1004963 and #1014999
    - In 1.0.3-1, 1 CVE, see #1029396
  * Drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev
    (Closes: #981260)

 -- Tobias Frost <tobi@debian.org>  Sun, 22 Jan 2023 13:19:20 +0100

libde265 (1.0.9-1) unstable; urgency=medium

  * Add "Rules-Requires-Root: no".
  * New upstream version 1.0.9.
    Bisecting shows that this version fixed these CVEs:
    - CVE-2020-21598, CVE-2020-21600, CVE-2020-21602 (Closes: #1004963)
    - CVE-2020-21595, CVE-2020-21597, CVE-2020-21599, CVE-2020-21601,
      CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606
      (Closes: #1014999)
  * Remove patches now part of upstream release.
  * Bump "Standards-Version" to 4.6.1
  * Add patch to provide "gl_VISIBILITY" macro.
  * Update symbols for new upstream version.

 -- Joachim Bauch <bauch@struktur.de>  Tue, 25 Oct 2022 10:15:37 +0200

libde265 (1.0.8-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Import upstream fixes for CVE-tracked vulnerabilities
    (Closes: #1014977)
    - CVE-2022-1253
    - CVE-2021-36411
    - CVE-2021-36410
    - CVE-2021-36409
    - CVE-2021-36408
    - CVE-2021-35452

 -- Philipp Kern <pkern@debian.org>  Sun, 16 Oct 2022 15:26:20 +0200

libde265 (1.0.8-1) unstable; urgency=medium

  * Update to debhelper compat level 13 and add debian/not-installed
  * Imported Upstream version 1.0.8
  * Remove patch applied upstream.
  * Bump "Standards-Version" to 4.5.1

 -- Joachim Bauch <bauch@struktur.de>  Wed, 16 Dec 2020 16:32:29 +0100

libde265 (1.0.7-1) unstable; urgency=medium

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Submit.

  [ Joachim Bauch ]
  * Imported Upstream version 1.0.7
  * Update patches for new upstream version.
  * Update symbols for new upstream version.
  * Bump "Standards-Version" to 4.5.0

 -- Joachim Bauch <bauch@struktur.de>  Fri, 25 Sep 2020 13:00:59 +0200

libde265 (1.0.4-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * Use debhelper-compat instead of debian/compat

  [ Joachim Bauch ]
  * Imported Upstream version 1.0.4
  * Enable hardening.
  * Specify Build-Depends-Package in symbols.
  * Ignore more internal STL symbols.
  * Bump "Standards-Version" to 4.4.1
  * Update to debhelper compat level 12.

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database, Repository,
    Repository-Browse.

  [ Sebastian Ramacher ]
  * debian/rules: Remove obsolete dh_strip override

 -- Joachim Bauch <bauch@struktur.de>  Fri, 20 Dec 2019 12:17:15 +0100

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libde265-0`.

Generated by dwww version 1.15 on Sun Jun 23 04:24:27 CEST 2024.