libde265 (1.0.11-1) unstable; urgency=medium

  [ Tobias Frost ]
  * Make my patch less noisy.

  [ Joachim Bauch ]
  * New upstream version 1.0.11
  * Unpackaged upstream version 1.0.10 fixes the following CVEs, most caused
    by the same underlying issue:
    CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597,
    CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601,
    CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605,
    CVE-2020-21606, CVE-2022-1253, CVE-2022-43236, CVE-2022-43237,
    CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241,
    CVE-2022-43242, CVE-2022-43243, CVE-2022-43244, CVE-2022-43245,
    CVE-2022-43248, CVE-2022-43249, CVE-2022-43250, CVE-2022-43252,
    CVE-2022-43253, CVE-2022-47655
  * Remove patch applied upstream.
  * Update patches for new upstream version.
  * Remove copyright entry for file no longer present in upstream.
  * Update symbols for new upstream version.
  * Bump "Standards-Version" to 4.6.2

 -- Joachim Bauch <email address hidden>  Thu, 02 Feb 2023 16:06:20 +0100

libde265 (1.0.9-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Apply patches to mitigate asan failures:
    reject_reference_pics_from_different_sps.patch and
    use_sps_from_the_image.patch.
  * Combined, these two patches fix:
    - CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816)
    - CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238,
      CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242,
      CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179)
    - CVE-2022-47655
  * Additional patch recycle_sps_if_possible.patch to avoid over-rejecting
    valid video streams due to reject_reference_pics_from_different_sps.patch.
  * Modifying past changelog entries to indicate when vulnerabilities were
    fixed:
    - In 1.0.9-1, in total 11 CVEs, see #1004963 and #1014999
    - In 1.0.3-1, 1 CVE, see #1029396
  * drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev
    (Closes: #981260)

 -- Tobias Frost <email address hidden>  Sun, 22 Jan 2023 13:19:20 +0100