-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 22 Jan 2023 13:19:20 +0100 Source: libde265 Architecture: source Version: 1.0.9-1.1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: Tobias Frost <tobi@debian.org> Closes: 981260 1025816 1027179 Changes: libde265 (1.0.9-1.1) unstable; urgency=medium . * Non-maintainer upload. * Apply patches to mitigate asan failures: reject_reference_pics_from_different_sps.patch and use_sps_from_the_image.patch. * Combined, this two patches fixes: - CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816) - CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179) - CVE-2022-47655 * Additional patch recycle_sps_if_possible.patch to avoid over-rejecting valid video streams due to reject_reference_pics_from_different_sps.patch. * Modifying past changelog entries to indicate when vulnerabilities were fixed: - In 1.0.9-1, in total 11 CVE's. see #1004963 and #1014999 - In 1.0.3-1, 1 CVE, see #1029396 * drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev (Closes: #981260) Checksums-Sha1: 5f58eaa6a523799f75ddeb1693e67cd6df92f33d 2191 libde265_1.0.9-1.1.dsc 5deb84f56d664b48bca1631f4ebe9f1606e26b2c 14692 libde265_1.0.9-1.1.debian.tar.xz 12457f42d40f939bdd001bde40b57e55aec0e0e8 11956 libde265_1.0.9-1.1_amd64.buildinfo Checksums-Sha256: 8fa29401baca0bc787757dc0902a97d018b53fb3497073f861826c2637da3f2d 2191 libde265_1.0.9-1.1.dsc 826543b6b744eebf94c8f609ec52928537b7404fb17bcc546a0f3bab94379d61 14692 libde265_1.0.9-1.1.debian.tar.xz 75634a7841bf52d2334031fe6bcc01bfe70567aa514b431f8e4dbae903cf2cd6 11956 libde265_1.0.9-1.1_amd64.buildinfo Files: 85fe80afbe181b55be13e351a7da4635 2191 libs optional libde265_1.0.9-1.1.dsc c143d86a75bc57a84cfba105e78552a4 14692 libs optional libde265_1.0.9-1.1.debian.tar.xz 2616d9b53a013a68ba1234d4f6ae1a6a 11956 libs optional libde265_1.0.9-1.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmPNLHQACgkQkWT6HRe9 XTaHNw//dZp4OeNK3t3hQRMDZSKLOjwmgLGUaYBC6IZQi9mU7NUWKdPiK9uO58TV y0NPpycqhVHMaicNDHazflNmYe8Wf1pEkLTQpKUEz8cYzQmThpW08lctSmCW1oBT pbTwMxHS/QQAz8k3UFTOiWuZS/g7P8o+I2g6Csm1iSHZTa6m0N18G7J2ZIBzOIQh PckHSst0rSFYd1JaWWI5OMrtah2eGYWENgKZK8OjpkrKVeEIyGj3R7ijRjETGwpY IxTzDimgt+WuY6jKVqZlJfWLp8UeqBAWWtxjvTddFryOkMXulb8TpbgaaboNBBad Ed1i9T/o7PO1OLiuXwquAXGFkpPlw4HN/Fpl75PfMcmWVv61J3xZi3+KCbR6uKSN KxHZ8MoaKYzNo5dsRGKSG+sMT8dvJ3+Q/I3Kg3TdoKnwFAMCnVD4vD9q5WlAd/5P MoGjDYNn1T/9Ht5TVXRVbWcr21xy/BcaOSl1EEL7quyGga28QpUlairBsHSegihl LCtoQ4BLsl5XBokLniexWmg+ejLIjjvu3khtqDgs9ktpFmrq/2E7Lc2kTZto50QV XKlAMKxGn6t94IP7Vgq4il4TM9QyqZfWcaRazhAV0lYrTnyvpl8+sB9X0XRcZGeu pCACCNMQFbHdulsBAUz0e+wfOG4NbxtrMwh7uYhagJGHxs5EdLA= =+pqO -----END PGP SIGNATURE-----
