libde265 (1.0.11-1+deb12u2) bookworm; urgency=medium
* Non-maintainer upload by the LTS Team.
(Closes: #1059275)
* CVE-2023-49465
heap-buffer-overflow in derive_spatial_luma_vector_prediction()
* CVE-2023-49467
heap-buffer-overflow in derive_combined_bipredictive_merging_candidates()
* CVE-2023-49468
global buffer overflow in read_coding_unit()
-- Thorsten Alteholz <debian@alteholz.de> Fri, 29 Dec 2023 23:03:02 +0100
libde265 (1.0.11-1+deb12u1) bookworm; urgency=medium
* Non-maintainer upload by the LTS Team.
* CVE-2023-27102 (Closes: #1033257)
fix segmentation violation in the
function decoder_context::process_slice_segment_header
* CVE-2023-27103
fix heap buffer overflow in the
function derive_collocated_motion_vectors
* CVE-2023-43887
fix buffer over-read in pic_parameter_set::dump
* CVE-2023-47471 (Closes: #1056187)
fix buffer overflow in the slice_segment_header function
-- Thorsten Alteholz <debian@alteholz.de> Sun, 26 Nov 2023 13:03:02 +0100
libde265 (1.0.11-1) unstable; urgency=medium
[ Tobias Frost ]
* Make my patch less noisy.
[ Joachim Bauch ]
* New upstream version 1.0.11
* Unpackaged upstream version 1.0.10 fixes the following CVEs, most caused
by the same underlying issue:
CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597,
CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601,
CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605,
CVE-2020-21606, CVE-2022-1253, CVE-2022-43236, CVE-2022-43237,
CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241,
CVE-2022-43242, CVE-2022-43243, CVE-2022-43244, CVE-2022-43245,
CVE-2022-43248, CVE-2022-43249, CVE-2022-43250, CVE-2022-43252,
CVE-2022-43253, CVE-2022-47655
* Remove patch applied upstream.
* Update patches for new upstream version.
* Remove copyright entry for file no longer present in upstream.
* Update symbols for new upstream version.
* Bump "Standards-Version" to 4.6.2
-- Joachim Bauch <bauch@struktur.de> Thu, 02 Feb 2023 16:06:20 +0100
libde265 (1.0.9-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Apply patches to mitigate asan failures:
reject_reference_pics_from_different_sps.patch and
use_sps_from_the_image.patch.
* Combined, this two patches fixes:
- CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816)
- CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238,
CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242,
CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179)
- CVE-2022-47655
* Additional patch recycle_sps_if_possible.patch to avoid over-rejecting
valid video streams due to reject_reference_pics_from_different_sps.patch.
* Modifying past changelog entries to indicate when vulnerabilities were
fixed:
- In 1.0.9-1, in total 11 CVE's. see #1004963 and #1014999
- In 1.0.3-1, 1 CVE, see #1029396
* drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev
(Closes: #981260)
-- Tobias Frost <tobi@debian.org> Sun, 22 Jan 2023 13:19:20 +0100
libde265 (1.0.9-1) unstable; urgency=medium
* Add "Rules-Requires-Root: no".
* New upstream version 1.0.9.
Bisecting shows that this version fixed this CVES:
- CVE-2020-21598, CVE-2020-21600, CVE-2020-21602 (Closes: #1004963)
- CVE-2020-21595, CVE-2020-21597, CVE-2020-21599, CVE-2020-21601,
CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606
(Closes: #1014999)
* Remove patches now part of upstream release.
* Bump "Standards-Version" to 4.6.1
* Add patch to provide "gl_VISIBILITY" macro.
* Update symbols for new upstream version.
-- Joachim Bauch <bauch@struktur.de> Tue, 25 Oct 2022 10:15:37 +0200
libde265 (1.0.8-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Import upstream fixes for CVE-tracked vulnerabilities
(Closes: #1014977)
- CVE-2022-1253
- CVE-2021-36411
- CVE-2021-36410
- CVE-2021-36409
- CVE-2021-36408
- CVE-2021-35452
-- Philipp Kern <pkern@debian.org> Sun, 16 Oct 2022 15:26:20 +0200
libde265 (1.0.8-1) unstable; urgency=medium
* Update to debhelper compat level 13 and add debian/not-installed
* Imported Upstream version 1.0.8
* Remove patch applied upstream.
* Bump "Standards-Version" to 4.5.1
-- Joachim Bauch <bauch@struktur.de> Wed, 16 Dec 2020 16:32:29 +0100
libde265 (1.0.7-1) unstable; urgency=medium
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Submit.
[ Joachim Bauch ]
* Imported Upstream version 1.0.7
* Update patches for new upstream version.
* Update symbols for new upstream version.
* Bump "Standards-Version" to 4.5.0
-- Joachim Bauch <bauch@struktur.de> Fri, 25 Sep 2020 13:00:59 +0200
libde265 (1.0.4-1) unstable; urgency=medium
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat
[ Joachim Bauch ]
* Imported Upstream version 1.0.4
* Enable hardening.
* Specify Build-Depends-Package in symbols.
* Ignore more internal STL symbols.
* Bump "Standards-Version" to 4.4.1
* Update to debhelper compat level 12.
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Repository, Repository-
Browse.
[ Sebastian Ramacher ]
* debian/rules: Remove obsolete dh_strip override
-- Joachim Bauch <bauch@struktur.de> Fri, 20 Dec 2019 12:17:15 +0100
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libde265-0`.
Generated by dwww version 1.15 on Sun Jun 23 04:24:27 CEST 2024.