diff -Nru libde265-1.0.4/debian/changelog libde265-1.0.4/debian/changelog
--- libde265-1.0.4/debian/changelog 2024-02-06 15:51:20.000000000 +0000
+++ libde265-1.0.4/debian/changelog 2024-02-14 19:39:49.000000000 +0000
@@ -1,3 +1,45 @@
+libde265 (1.0.4-1ubuntu0.3) focal-security; urgency=medium
+
+ * SECURITY UPDATE: read-out-of-bounds
+ - debian/patches/CVE-2022-43245.patch: fix illegal table access
+ when input pixel is out of range.
+ - CVE-2022-43245
+ * SECURITY UPDATE: heap-buffer-overflow
+ - debian/patches/CVE-2022-43249.patch: checking in MC whether
+ bit-depths match.
+ - CVE-2022-43244
+ - CVE-2022-43249
+ - CVE-2022-43250
+ * SECURITY UPDATE: heap-buffer-overflow
+ - debian/patches/CVE-2022-47665.patch: image's ctb_info has to be
+ reallocated also when dimensions change even if total number of
+ CTBs stays the same.
+ - CVE-2022-47665
+ * SECURITY UPDATE: NULL pointer dereference
+ - debian/patches/CVE-2023-24751.patch: another MC fix for
+ monochroma images.
+ - CVE-2023-24751
+ * SECURITY UPDATE: NULL pointer dereference
+ - debian/patches/CVE-2023-24752.patch: another MC fix for
+ monochroma images.
+ - CVE-2023-24752
+ * SECURITY UPDATE: NULL pointer dereference
+ - debian/patches/CVE-2023-24754.patch: fix for monochrome MC.
+ - CVE-2023-24754
+ * SECURITY UPDATE: NULL pointer dereference
+ - debian/patches/CVE-2023-24755.patch: fix for monochrome MC.
+ - CVE-2023-24755
+ - CVE-2023-24756
+ - CVE-2023-24757
+ - CVE-2023-24758
+ * SECURITY UPDATE: heap-buffer-overflow
+ - debian/patches/CVE-2023-25221.patch: check for invalid refIdx.
+ - CVE-2023-25221
+ * Add patches:
+ - d/p/check-for-negative-q-values-in-invalid-input-streams.patch
+
+ -- Fabian Toepfer Wed, 14 Feb 2024 20:39:49 +0100
+
 libde265 (1.0.4-1ubuntu0.2) focal-security; urgency=medium
 
 * SECURITY UPDATE: denial-of-service
diff -Nru libde265-1.0.4/debian/patches/CVE-2022-43245.patch libde265-1.0.4/debian/patches/CVE-2022-43245.patch
--- libde265-1.0.4/debian/patches/CVE-2022-43245.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2022-43245.patch 2024-02-14 19:05:56.000000000 +0000
@@ -0,0 +1,37 @@
+From ad291690a8c92218b9e86738edd45ed64736b246 Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Tue, 24 Jan 2023 16:53:06 +0100
+Subject: [PATCH] SAO: fix illegal table access when input pixel is out of
+ range (fixes #351)
+
+---
+ libde265/sao.cc | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- libde265-1.0.4.orig/libde265/sao.cc
++++ libde265-1.0.4/libde265/sao.cc
+@@ -211,11 +211,21 @@ void apply_sao_internal(de265_image* img
+ continue;
+ }
+
+- int bandIdx = bandTable[ in_img[xC+i+(yC+j)*in_stride]>>bandShift ];
+-
+ // Shifts are a strange thing. On x86, >>x actually computes >>(x%64).
+ // So we have to take care of large bandShifts.
+- if (bandShift>=8) { bandIdx=0; }
++ int bandIdx;
++ if (bandShift>=8) {
++ bandIdx=0;
++ } else {
++ int pixel = in_img[xC+i+(yC+j)*in_stride];
++
++ // Note: the input pixel value should never exceed the valid range, but it seems that it still does,
++ // maybe when there was a decoding error and the pixels have not been filled in correctly.
++ // Thus, we have to limit the pixel range to ensure that we have no illegal table access.
++ pixel = Clip3(0,maxPixelValue, pixel);
++
++ bandIdx = bandTable[ pixel>>bandShift ];
++ }
+
+ if (bandIdx>0) {
+ int offset = saoinfo->saoOffsetVal[cIdx][bandIdx-1];
diff -Nru libde265-1.0.4/debian/patches/CVE-2022-43249.patch libde265-1.0.4/debian/patches/CVE-2022-43249.patch
--- libde265-1.0.4/debian/patches/CVE-2022-43249.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2022-43249.patch 2024-02-14 19:07:25.000000000 +0000
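Review bot: The clamp in the new `else` branch of apply_sao_internal keeps `bandTable[ pixel>>bandShift ]` in range only if `maxPixelValue>>bandShift` stays below the table length, and neither `maxPixelValue` nor the size of `bandTable` is defined inside this hunk. I would state that invariant next to the lookup, for example `// maxPixelValue>>bandShift is always < number of bandTable entries`, after confirming it against the declarations earlier in the function. The clamp also repairs the sample silently: the added comment attributes out-of-range values to an earlier decoding error, yet nothing marks the picture as damaged, whereas the motion.cc patches in this upload set `img->integrity = INTEGRITY_DECODING_ERRORS;` in comparable situations. The function body starts and ends outside the hunk.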
@@ -0,0 +1,46 @@
+From fbd0b3a11402e197aecbfa2f7d56625e7c7b9070 Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Tue, 24 Jan 2023 12:20:53 +0100
+Subject: [PATCH] fix-345 by checking in MC whether bit-depths match (#345)
+
+---
+ libde265/de265.cc | 2 ++
+ libde265/de265.h | 3 ++-
+ libde265/motion.cc | 5 +++++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+--- libde265-1.0.4.orig/libde265/de265.cc
++++ libde265-1.0.4/libde265/de265.cc
+@@ -164,6 +164,8 @@ LIBDE265_API const char* de265_get_error
+ return "Chroma format of current image does not match chroma in SPS";
+ case DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS:
+ return "Size of reference image does not match current size in SPS";
++ case DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH:
++ return "Bit-depth of reference image does not match current image";
+
+ default: return "unknown error";
+ }
+--- libde265-1.0.4.orig/libde265/de265.h
++++ libde265-1.0.4/libde265/de265.h
+@@ -137,6 +137,7 @@ typedef enum {
+ DE265_WARNING_SPS_MISSING_CANNOT_DECODE_SEI=1025,
+ DE265_WARNING_COLLOCATED_MOTION_VECTOR_OUTSIDE_IMAGE_AREA=1026,
+ DE265_WARNING_PCM_BITDEPTH_TOO_LARGE=1027,
++ DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH=1028,
+ DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS=1029,
+ DE265_WARNING_CHROMA_OF_CURRENT_IMAGE_DOES_NOT_MATCH_SPS=1030,
+ DE265_WARNING_BIT_DEPTH_OF_CURRENT_IMAGE_DOES_NOT_MATCH_SPS=1031
+--- libde265-1.0.4.orig/libde265/motion.cc
++++ libde265-1.0.4/libde265/motion.cc
+@@ -374,6 +374,11 @@ void generate_inter_prediction_samples(b
+ img->integrity = INTEGRITY_DECODING_ERRORS;
+ ctx->add_warning(DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS, false);
+ }
++ else if (img->get_bit_depth(0) != refPic->get_bit_depth(0) ||
++ img->get_bit_depth(1) != refPic->get_bit_depth(1)) {
++ img->integrity = INTEGRITY_DECODING_ERRORS;
++ ctx->add_warning(DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH, false);
++ }
+ else {
+ // 8.5.3.2.2
+
diff -Nru
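Review bot: The new `else if` in generate_inter_prediction_samples records the bit-depth mismatch but, like the size-mismatch branch just above it, produces no prediction samples for this reference list, and the hunk does not show whether the weighting code further down still reads those buffers. If it does, zero-filling the prediction buffers in the error branches (or skipping the block) would keep uninitialised data out of the output picture. The comparison also covers component indices 0 and 1 only; a short comment such as `// get_bit_depth(1) is the chroma depth shared by Cb and Cr` would explain why index 2 is not checked, if that is indeed what the accessor returns. The function body starts and ends outside the hunk.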
libde265-1.0.4/debian/patches/CVE-2022-47665.patch libde265-1.0.4/debian/patches/CVE-2022-47665.patch
--- libde265-1.0.4/debian/patches/CVE-2022-47665.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2022-47665.patch 2024-02-14 19:07:35.000000000 +0000
@@ -0,0 +1,24 @@
+From 2f0430ecda4dc83b5a3feaa3bea4826d1840dc68 Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Wed, 25 Jan 2023 19:43:20 +0100
+Subject: [PATCH] image's ctb_info has to be reallocated also when dimensions
+ change (even if total number of CTBs stays the same). Fixes #369
+
+---
+ libde265/image.cc | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libde265/image.cc b/libde265/image.cc
+index 07e4a22d..39813b04 100644
+--- a/libde265/image.cc
++++ b/libde265/image.cc
+@@ -445,7 +445,8 @@ de265_error de265_image::alloc_image(int w,int h, enum de265_chroma c,
+
+ // CTB info
+
+- if (ctb_info.data_size != sps->PicSizeInCtbsY)
++ if (ctb_info.width_in_units != sps->PicWidthInCtbsY ||
++ ctb_info.height_in_units != sps->PicHeightInCtbsY)
+ {
+ delete[] ctb_progress;
+
diff -Nru libde265-1.0.4/debian/patches/CVE-2023-24751.patch libde265-1.0.4/debian/patches/CVE-2023-24751.patch
--- libde265-1.0.4/debian/patches/CVE-2023-24751.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2023-24751.patch 2024-02-14 19:07:55.000000000 +0000
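Review bot: The new condition in de265_image::alloc_image compares only `width_in_units` and `height_in_units`, so a stream that keeps the same CTB grid but changes the CTB size would still skip the reallocation. If `ctb_info` also caches the unit size (its declaration is outside the hunk; upstream names the member `log2unitSize`), that value would go stale and later coordinate-to-index lookups could use the wrong shift. Consider extending the test with `|| ctb_info.log2unitSize != sps->Log2CtbSizeY`, after confirming the names against this tree. The other per-picture metadata arrays allocated in this function are not visible here and deserve the same "same element count, different shape" check. alloc_image continues outside the hunk.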
@@ -0,0 +1,42 @@
+From 7ea8e3cbb010bc02fa38419e87ed2281d7933850 Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Sat, 28 Jan 2023 15:03:34 +0100
+Subject: [PATCH] another MC fix for monochroma images (fixes #379)
+
+---
+ libde265/motion.cc | 22 ++++++++++++----------
+ 1 file changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/libde265/motion.cc b/libde265/motion.cc
+index 9e5182ec..78303d81 100644
+--- a/libde265/motion.cc
++++ b/libde265/motion.cc
+@@ -588,16 +588,18 @@ void generate_inter_prediction_samples(base_context* ctx,
+ int16_t* in10 = predSamplesC[1][0];
+ int16_t* in11 = predSamplesC[1][1];
+
+- ctx->acceleration.put_weighted_bipred(pixels[1], stride[1],
+- in00,in01, nCS, nPbW/SubWidthC, nPbH/SubHeightC,
+- chroma0_w0,chroma0_o0,
+- chroma0_w1,chroma0_o1,
+- chroma_log2WD, bit_depth_C);
+- ctx->acceleration.put_weighted_bipred(pixels[2], stride[2],
+- in10,in11, nCS, nPbW/SubWidthC, nPbH/SubHeightC,
+- chroma1_w0,chroma1_o0,
+- chroma1_w1,chroma1_o1,
+- chroma_log2WD, bit_depth_C);
++ if (img->get_chroma_format() != de265_chroma_mono) {
++ ctx->acceleration.put_weighted_bipred(pixels[1], stride[1],
++ in00, in01, nCS, nPbW / SubWidthC, nPbH / SubHeightC,
++ chroma0_w0, chroma0_o0,
++ chroma0_w1, chroma0_o1,
++ chroma_log2WD, bit_depth_C);
++ ctx->acceleration.put_weighted_bipred(pixels[2], stride[2],
++ in10, in11, nCS, nPbW / SubWidthC, nPbH / SubHeightC,
++ chroma1_w0, chroma1_o0,
++ chroma1_w1, chroma1_o1,
++ chroma_log2WD, bit_depth_C);
++ }
+ }
+ }
+ else if (predFlag[0]==1 || predFlag[1]==1) {
diff -Nru libde265-1.0.4/debian/patches/CVE-2023-24752.patch libde265-1.0.4/debian/patches/CVE-2023-24752.patch
--- libde265-1.0.4/debian/patches/CVE-2023-24752.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2023-24752.patch 2024-02-14 19:07:59.000000000 +0000
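Review bot: The guard `img->get_chroma_format() != de265_chroma_mono` is repeated around each pair of chroma calls in generate_inter_prediction_samples, here and again in the CVE-2023-24752, CVE-2023-24754 and CVE-2023-24755 patches (five sites in total), so any chroma call added later has to remember it. Evaluating it once near the top of the function, e.g. `const bool has_chroma = (img->get_chroma_format() != de265_chroma_mono);`, and testing `has_chroma` at each site would make an unguarded call easier to spot in review. In this hunk `in10`/`in11` are still taken from `predSamplesC` before the guard; that is harmless only while nothing dereferences them for monochrome pictures, which the hunk does not show. The patches also re-space the call arguments (`nPbW/SubWidthC` becomes `nPbW / SubWidthC`), which hides the one-line security change inside a larger diff. The function body starts and ends outside the hunk.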
@@ -0,0 +1,39 @@
+From 052bacb2535cf0024042eefde58e48df2c778f7c Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Sat, 28 Jan 2023 15:01:21 +0100
+Subject: [PATCH] another MC fix for monochroma images (fixes #378)
+
+---
+ libde265/motion.cc | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/libde265/motion.cc b/libde265/motion.cc
+index 7527539d..9e5182ec 100644
+--- a/libde265/motion.cc
++++ b/libde265/motion.cc
+@@ -632,14 +632,17 @@ void generate_inter_prediction_samples(base_context* ctx,
+ ctx->acceleration.put_weighted_pred(pixels[0], stride[0],
+ predSamplesL[l],nCS, nPbW,nPbH,
+ luma_w, luma_o, luma_log2WD, bit_depth_L);
+- ctx->acceleration.put_weighted_pred(pixels[1], stride[1],
+- predSamplesC[0][l],nCS,
+- nPbW/SubWidthC,nPbH/SubHeightC,
+- chroma0_w, chroma0_o, chroma_log2WD, bit_depth_C);
+- ctx->acceleration.put_weighted_pred(pixels[2], stride[2],
+- predSamplesC[1][l],nCS,
+- nPbW/SubWidthC,nPbH/SubHeightC,
+- chroma1_w, chroma1_o, chroma_log2WD, bit_depth_C);
++
++ if (img->get_chroma_format() != de265_chroma_mono) {
++ ctx->acceleration.put_weighted_pred(pixels[1], stride[1],
++ predSamplesC[0][l], nCS,
++ nPbW / SubWidthC, nPbH / SubHeightC,
++ chroma0_w, chroma0_o, chroma_log2WD, bit_depth_C);
++ ctx->acceleration.put_weighted_pred(pixels[2], stride[2],
++ predSamplesC[1][l], nCS,
++ nPbW / SubWidthC, nPbH / SubHeightC,
++ chroma1_w, chroma1_o, chroma_log2WD, bit_depth_C);
++ }
+ }
+ }
+ else {
diff -Nru libde265-1.0.4/debian/patches/CVE-2023-24754.patch libde265-1.0.4/debian/patches/CVE-2023-24754.patch
--- libde265-1.0.4/debian/patches/CVE-2023-24754.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2023-24754.patch 2024-02-14 19:08:04.000000000 +0000
@@ -0,0 +1,34 @@
+From bfb6de155f9fb015d2904cb4ef07809f17995276 Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Sun, 29 Jan 2023 12:20:48 +0100
+Subject: [PATCH] fix for monochrome MC (fixes #381)
+
+---
+ libde265/motion.cc | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/libde265/motion.cc b/libde265/motion.cc
+index 37ca68fa..38f768d5 100644
+--- a/libde265/motion.cc
++++ b/libde265/motion.cc
+@@ -543,12 +543,14 @@ void generate_inter_prediction_samples(base_context* ctx,
+ int16_t* in10 = predSamplesC[1][0];
+ int16_t* in11 = predSamplesC[1][1];
+
+- ctx->acceleration.put_weighted_pred_avg(pixels[1], stride[1],
+- in00,in01, nCS,
+- nPbW/SubWidthC, nPbH/SubHeightC, bit_depth_C);
+- ctx->acceleration.put_weighted_pred_avg(pixels[2], stride[2],
+- in10,in11, nCS,
+- nPbW/SubWidthC, nPbH/SubHeightC, bit_depth_C);
++ if (img->get_chroma_format() != de265_chroma_mono) {
++ ctx->acceleration.put_weighted_pred_avg(pixels[1], stride[1],
++ in00, in01, nCS,
++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C);
++ ctx->acceleration.put_weighted_pred_avg(pixels[2], stride[2],
++ in10, in11, nCS,
++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C);
++ }
+ }
+ else {
+ // weighted prediction
diff -Nru libde265-1.0.4/debian/patches/CVE-2023-24755.patch libde265-1.0.4/debian/patches/CVE-2023-24755.patch
--- libde265-1.0.4/debian/patches/CVE-2023-24755.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2023-24755.patch 2024-02-14 19:08:08.000000000 +0000
@@ -0,0 +1,56 @@
+From 48eb7dafe204b825b4a62948ed171a0cd3f1bda2 Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Sun, 29 Jan 2023 12:18:19 +0100
+Subject: [PATCH] fix for monochrome MC (fixes #380)
+
+---
+ libde265/motion.cc | 29 +++++++++++++++++------------
+ 1 file changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/libde265/motion.cc b/libde265/motion.cc
+index 78303d81..37ca68fa 100644
+--- a/libde265/motion.cc
++++ b/libde265/motion.cc
+@@ -509,12 +509,14 @@ void generate_inter_prediction_samples(base_context* ctx,
+ ctx->acceleration.put_weighted_pred(pixels[0], stride[0],
+ predSamplesL[0],nCS, nPbW,nPbH,
+ luma_w0, luma_o0, luma_log2WD, bit_depth_L);
+- ctx->acceleration.put_weighted_pred(pixels[1], stride[1],
+- predSamplesC[0][0],nCS, nPbW/SubWidthC,nPbH/SubHeightC,
+- chroma0_w0, chroma0_o0, chroma_log2WD, bit_depth_C);
+- ctx->acceleration.put_weighted_pred(pixels[2], stride[2],
+- predSamplesC[1][0],nCS, nPbW/SubWidthC,nPbH/SubHeightC,
+- chroma1_w0, chroma1_o0, chroma_log2WD, bit_depth_C);
++ if (img->get_chroma_format() != de265_chroma_mono) {
++ ctx->acceleration.put_weighted_pred(pixels[1], stride[1],
++ predSamplesC[0][0], nCS, nPbW / SubWidthC, nPbH / SubHeightC,
++ chroma0_w0, chroma0_o0, chroma_log2WD, bit_depth_C);
++ ctx->acceleration.put_weighted_pred(pixels[2], stride[2],
++ predSamplesC[1][0], nCS, nPbW / SubWidthC, nPbH / SubHeightC,
++ chroma1_w0, chroma1_o0, chroma_log2WD, bit_depth_C);
++ }
+ }
+ else {
+ ctx->add_warning(DE265_WARNING_BOTH_PREDFLAGS_ZERO, false);
+@@ -608,12 +610,15 @@ void generate_inter_prediction_samples(base_context* ctx,
+ if (pps->weighted_bipred_flag==0) {
+ ctx->acceleration.put_unweighted_pred(pixels[0], stride[0],
+ predSamplesL[l],nCS, nPbW,nPbH, bit_depth_L);
+- ctx->acceleration.put_unweighted_pred(pixels[1], stride[1],
+- predSamplesC[0][l],nCS,
+- nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C);
+- ctx->acceleration.put_unweighted_pred(pixels[2], stride[2],
+- predSamplesC[1][l],nCS,
+- nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C);
++
++ if (img->get_chroma_format() != de265_chroma_mono) {
++ ctx->acceleration.put_unweighted_pred(pixels[1], stride[1],
++ predSamplesC[0][l], nCS,
++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C);
++ ctx->acceleration.put_unweighted_pred(pixels[2], stride[2],
++ predSamplesC[1][l], nCS,
++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C);
++ }
+ }
+ else {
+ int refIdx = vi->refIdx[l];
diff -Nru libde265-1.0.4/debian/patches/CVE-2023-25221.patch libde265-1.0.4/debian/patches/CVE-2023-25221.patch
--- libde265-1.0.4/debian/patches/CVE-2023-25221.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/CVE-2023-25221.patch 2024-02-14 19:08:15.000000000 +0000
@@ -0,0 +1,41 @@
+From 857290982330e82d9e25d9d39527c6737021aa7d Mon Sep 17 00:00:00 2001
+From: Dirk Farin
+Date: Mon, 30 Jan 2023 17:06:36 +0100
+Subject: [PATCH] check for invalid refIdx[] (fixes #388)
+
+---
+ libde265/motion.cc | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/libde265/motion.cc b/libde265/motion.cc
+index 38f768d5..45d547b0 100644
+--- a/libde265/motion.cc
++++ b/libde265/motion.cc
+@@ -1890,6 +1890,12 @@ void derive_spatial_luma_vector_prediction(base_context* ctx,
+
+ const PBMotion& vi = img->get_mv_info(xB[k],yB[k]);
+
++ if (vi.refIdx[X] >= MAX_NUM_REF_PICS) {
++ img->integrity = INTEGRITY_DECODING_ERRORS;
++ ctx->add_warning(DE265_WARNING_NONEXISTING_REFERENCE_PICTURE_ACCESSED, false);
++ return; // error // TODO: we actually should make sure that this is never set to an out-of-range value
++ }
++
+ if (vi.predFlag[X]==1 &&
+ shdr->LongTermRefPic[X][refIdxLX] == shdr->LongTermRefPic[X][ vi.refIdx[X] ]) {
+ out_availableFlagLXN[B]=1;
+@@ -2099,6 +2105,14 @@ void motion_vectors_and_ref_indices(base_context* ctx,
+ (inter_pred_idc == PRED_L1 && l==1)) {
+ out_vi->refIdx[l] = motion.refIdx[l];
+ out_vi->predFlag[l] = 1;
++
++ if (motion.refIdx[l] >= MAX_NUM_REF_PICS) {
++ out_vi->refIdx[l] = 0;
++
++ img->integrity = INTEGRITY_DECODING_ERRORS;
++ ctx->add_warning(DE265_WARNING_NONEXISTING_REFERENCE_PICTURE_ACCESSED, false);
++ return;
++ }
+ }
+ else {
+ out_vi->refIdx[l] = -1;
diff -Nru libde265-1.0.4/debian/patches/check-for-negative-q-values-in-invalid-input-streams.patch libde265-1.0.4/debian/patches/check-for-negative-q-values-in-invalid-input-streams.patch
--- libde265-1.0.4/debian/patches/check-for-negative-q-values-in-invalid-input-streams.patch 1970-01-01 00:00:00.000000000 +0000
+++ libde265-1.0.4/debian/patches/check-for-negative-q-values-in-invalid-input-streams.patch 2024-02-14 19:09:29.000000000 +0000
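Review bot: Both new checks test only the upper bound, `>= MAX_NUM_REF_PICS`, although the second hunk itself shows `refIdx` holding `-1` (`out_vi->refIdx[l] = -1;`); if the field is a signed type, a negative index paired with `predFlag==1` would still reach `shdr->LongTermRefPic[X][ vi.refIdx[X] ]`. In derive_spatial_luma_vector_prediction the check cannot simply reject negatives, because it runs before `vi.predFlag[X]` is tested, so tying it to the flag would cover both sides: `if (vi.predFlag[X]==1 && (vi.refIdx[X] < 0 || vi.refIdx[X] >= MAX_NUM_REF_PICS)) {`. In motion_vectors_and_ref_indices the early `return` leaves `out_vi` unwritten for any `l` still to come; assigning those entries the values the `else` branch uses before returning would avoid handing the caller a half-filled structure. Both functions extend beyond the hunks, so the loop bounds and the dimension of `LongTermRefPic` are assumptions to confirm.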
@@ -0,0 +1,34 @@
+From 282da73366f251edddc40f3908acb313ab5cd420
+From: Dirk Farin
+Date: Mon Jul 16 10:57:50 2018 +0200
+Subject: check for negative Q-values in invalid input streams
+
+diff --git a/libde265/transform.cc b/libde265/transform.cc
+index a844de20..ef404f8e 100644
+--- a/libde265/transform.cc
++++ b/libde265/transform.cc
+@@ -147,6 +147,9 @@ void decode_quantization_parameters(thread_context* tctx, int xC,int yC,
+ (52 + sps.QpBdOffset_Y)) - sps.QpBdOffset_Y;
+
+ tctx->qPYPrime = QPY + sps.QpBdOffset_Y;
++ if (tctx->qPYPrime<0) {
++ tctx->qPYPrime=0;
++ }
+
+ int qPiCb = Clip3(-sps.QpBdOffset_C,57, QPY+pps.pic_cb_qp_offset + shdr->slice_cb_qp_offset + tctx->CuQpOffsetCb);
+ int qPiCr = Clip3(-sps.QpBdOffset_C,57, QPY+pps.pic_cr_qp_offset + shdr->slice_cr_qp_offset + tctx->CuQpOffsetCr);
+@@ -169,7 +172,14 @@ void decode_quantization_parameters(thread_context* tctx, int xC,int yC,
+ //printf("q: %d %d\n",qPiCb, qPCb);
+
+ tctx->qPCbPrime = qPCb + sps.QpBdOffset_C;
++ if (tctx->qPCbPrime<0) {
++ tctx->qPCbPrime = 0;
++ }
++
+ tctx->qPCrPrime = qPCr + sps.QpBdOffset_C;
++ if (tctx->qPCrPrime<0) {
++ tctx->qPCrPrime = 0;
++ }
+
+ /*
+ printf("Q: %d (%d %d %d / %d %d) %d %d %d\n",QPY,
diff -Nru libde265-1.0.4/debian/patches/series libde265-1.0.4/debian/patches/series
--- libde265-1.0.4/debian/patches/series 2024-02-06 15:51:20.000000000 +0000
+++ libde265-1.0.4/debian/patches/series 2024-02-14 19:09:29.000000000 +0000
@@ -12,3 +12,12 @@
 CVE-2022-43237.patch
 CVE-2022-43238.patch
 fix-invalid-memory-access-after-unavailable-reference-frame-insertion.patch
+CVE-2022-43245.patch
+CVE-2022-43249.patch
+CVE-2022-47665.patch
+CVE-2023-24751.patch
+CVE-2023-24752.patch
+CVE-2023-24754.patch
+CVE-2023-24755.patch
+CVE-2023-25221.patch
+check-for-negative-q-values-in-invalid-input-streams.patch
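Review bot: The three added clamps correct `qPYPrime`, `qPCbPrime` and `qPCrPrime` after the fact, while `QPY` itself, the remainder computed on the first context line, keeps its out-of-range value and is reused two lines later for `qPiCb`/`qPiCr` (bounded there by `Clip3`) and possibly stored further down, outside the hunk. Normalising `QPY` where it is computed would fix the derived values at the source instead of patching each consumer. Only the lower bound is enforced and nothing reports the invalid stream, so an upper bound matching whatever tables these values index, plus a decoder warning next to the clamp, would be worth adding. The patch header also carries no bug or CVE reference, unlike the other patches in this upload; an `Origin:` line naming the upstream commit would make the backport traceable. decode_quantization_parameters starts and ends outside both hunks.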
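Review bot: The new series entries list CVE-2023-24751 before CVE-2023-24752 and CVE-2023-24754 before CVE-2023-24755, but the `index` lines inside those patches chain the other way round (`7527539d..9e5182ec`, then `9e5182ec..78303d81`, then `78303d81..37ca68fa`, then `37ca68fa..38f768d5`), i.e. upstream applied them as 24752, 24751, 24755, 24754. They touch separate regions of motion.cc, so they probably still apply, only with line offsets. Listing them in upstream order would keep each patch's pre-image consistent with its header and make a later refresh or audit against the upstream commits straightforward.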