libde265 (1.0.8-1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: denial-of-service
- debian/patches/CVE-2023-27102.patch: check whether referenced
PPS exists.
- CVE-2023-27102
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-27103.patch: check for valid slice
header index access.
- CVE-2023-27103
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-43887.patch: fix buffer overflow via the
num_tile_columns and num_tile_row parameters in the function
pic_parameter_set::dump.
- CVE-2023-43887
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-47471.patch: check for null-pointer in
functon slice_segment_header::dump_slice_segment_header.
- CVE-2023-47471
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-49465.patch: fix buffer overflow via the
derive_spatial_luma_vector_prediction function.
- CVE-2023-49465
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-49467.patch: prevent endless loop in
decode_ref_idx_lX function when numRefIdxLXActive is invalid.
- CVE-2023-49467
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-49468.patch: sanitize values if IPM is
uninitialized in get_IntraPredMode function.
- CVE-2023-49468
-- Fabian Toepfer <fabian.toepfer@canonical.com> Fri, 01 Mar 2024 10:51:23 +0100
libde265 (1.0.8-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: read-out-of-bounds
- debian/patches/CVE-2022-43245.patch: fix illegal table access
when input pixel is out of range.
- CVE-2022-43245
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2022-43249.patch: checking in MC whether
bit-depths match.
- CVE-2022-43244
- CVE-2022-43249
- CVE-2022-43250
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2022-47665.patch: image's ctb_info has to be
reallocated also when dimensions change even if total number of
CTBs stays the same.
- CVE-2022-47665
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24751.patch: another MC fix for
monochroma images.
- CVE-2023-24751
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24752.patch: another MC fix for
monochroma images.
- CVE-2023-24752
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24754.patch: fix for monochrome MC.
- CVE-2023-24754
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24755.patch: fix for monochrome MC.
- CVE-2023-24755
- CVE-2023-24756
- CVE-2023-24757
- CVE-2023-24758
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-25221.patch: check for invalid refIdx.
- CVE-2023-25221
* Add patches:
- debian/patches/mc-for-mono-images.patch
-- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 14 Feb 2024 20:24:21 +0100
libde265 (1.0.8-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: denial-of-service
- debian/patches/CVE-2021-35452.patch: fix check for valid PPS idx.
- CVE-2021-35452
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2021-36408.patch: fix streams where SPS image
size changes without refreshing PPS.
- CVE-2021-36408
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2021-36409.patch: fix assertion when reading
invalid scaling_list.
- CVE-2021-36409
* SECURITY UPDATE: stack-buffer-overflow
- debian/patches/CVE-2021-36410.patch: fix MC with HDR chroma, but
SDR luma.
- CVE-2021-36410
* SECURITY UPDATE: read-out-of-bounds
- debian/patches/CVE-2021-36411.patch: fix reading invalid images
where shdr references are NULL in part of the image.
- CVE-2021-36411
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2022-1253.patch: error on out-of-range
cpb_cnt_minus1.
- CVE-2022-1253
* SECURITY UPDATE: stack-buffer-overflow
- debian/patches/CVE-2022-43236.patch: check that image bit-depth
matches SPS bit depth.
- CVE-2022-43235
- CVE-2022-43236
- CVE-2022-43248
- CVE-2022-43253
* SECURITY UPDATE: stack-buffer-overflow
- debian/patches/CVE-2022-43237.patch: check that image chroma
format matches the SPS chroma format.
- CVE-2022-43237
- CVE-2022-43243
- CVE-2022-43252
* SECURITY UPDATE: read-out-of-bounds
- debian/patches/CVE-2022-43238.patch: check that image size
matches sps.
- CVE-2022-43238
- CVE-2022-43239
- CVE-2022-43240
- CVE-2022-43241
- CVE-2022-43242
-- Fabian Toepfer <fabian.toepfer@canonical.com> Tue, 06 Feb 2024 16:52:09 +0100
libde265 (1.0.8-1) unstable; urgency=medium
* Update to debhelper compat level 13 and add debian/not-installed
* Imported Upstream version 1.0.8
* Remove patch applied upstream.
* Bump "Standards-Version" to 4.5.1
-- Joachim Bauch <bauch@struktur.de> Wed, 16 Dec 2020 16:32:29 +0100
libde265 (1.0.7-1) unstable; urgency=medium
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Submit.
[ Joachim Bauch ]
* Imported Upstream version 1.0.7
* Update patches for new upstream version.
* Update symbols for new upstream version.
* Bump "Standards-Version" to 4.5.0
-- Joachim Bauch <bauch@struktur.de> Fri, 25 Sep 2020 13:00:59 +0200
libde265 (1.0.4-1) unstable; urgency=medium
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat
[ Joachim Bauch ]
* Imported Upstream version 1.0.4
* Enable hardening.
* Specify Build-Depends-Package in symbols.
* Ignore more internal STL symbols.
* Bump "Standards-Version" to 4.4.1
* Update to debhelper compat level 12.
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Repository, Repository-
Browse.
[ Sebastian Ramacher ]
* debian/rules: Remove obsolete dh_strip override
-- Joachim Bauch <bauch@struktur.de> Fri, 20 Dec 2019 12:17:15 +0100
libde265 (1.0.3-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
* d/control: Set Vcs-* to salsa.debian.org
[ Felipe Sateler ]
* Change maintainer address to debian-multimedia@lists.debian.org
[ Joachim Bauch ]
* Imported Upstream version 1.0.3
* Update patches for new upstream version.
* Update symbols for new upstream version.
* Update standards version and switch to debhelper 10.
-- Joachim Bauch <bauch@struktur.de> Thu, 19 Apr 2018 11:44:40 +0200
libde265 (1.0.2-2) unstable; urgency=low
[ Joachim Bauch ]
* Added patch by Andreas Cadhalpun to fix compilation with FFmpeg 2.9
(Closes: #803834)
* Updated symbols file for new C++11 symbols.
[ Sebastian Ramacher ]
* Migrate to automatic dbg packages.
* debian/control: Remove some unnecessary Build-Depends.
-- Joachim Bauch <bauch@struktur.de> Mon, 11 Jan 2016 19:12:19 +0100
libde265 (1.0.2-1) unstable; urgency=low
* Imported Upstream version 1.0.2
* Added new files to copyright information.
* Only export decoder API and update symbols for new version.
-- Joachim Bauch <bauch@struktur.de> Thu, 16 Jul 2015 11:07:46 +0200
libde265 (0.9-1) unstable; urgency=low
* Updated symbols to make all "std::vector" symbols optional.
* Imported Upstream version 0.9
* Removed deprecated patch to update symbols visibility. Changes were
applied upstream.
* Upstream supports compiling against Qt5, prefer that over Qt4.
* Added new symbols from new upstream release.
-- Joachim Bauch <bauch@struktur.de> Tue, 16 Sep 2014 18:47:14 +0200
# For older changelog entries, run 'apt-get changelog libde265-0'
Generated by dwww version 1.14 on Sun Feb 2 13:27:29 CET 2025.