-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 05 Nov 2024 13:07:00 -0800
Source: libheif
Architecture: source
Version: 1.11.0-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1032101 1035607
Changes:
 libheif (1.11.0-1+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * CVE-2023-0996: Fix an issue in the strided image data parsing code
     whereby an attacker could use a specially-crafted image file to cause a
     buffer overflow via a memcpy call. (Closes: #1032101)
   * CVE-2023-29659: Prevent an issue where a floating point exception /
     segfault could have been exploited by a specially-crafted image through
     the Fraction::round() function. (Closes: #1035607)
Checksums-Sha1:
 47e9984d02840d7f3a259b13be732bcca6cca037 2318 libheif_1.11.0-1+deb11u2.dsc
 def98b8c83861b6e4f3cdf6d3b57c9aaf3408923 1680855 libheif_1.11.0.orig.tar.gz
 e525fb0c8687fec033e51bc1d6ab1e3d8cbcfaf9 10040 libheif_1.11.0-1+deb11u2.debian.tar.xz
 2a460fd16b9df1e30166d904362af63e166b6177 11233 libheif_1.11.0-1+deb11u2_amd64.buildinfo
Checksums-Sha256:
 04a37ce8ab7320d0cfc9e3b396236e6da5c4509134310d728bffca5df1ab0fd6 2318 libheif_1.11.0-1+deb11u2.dsc
 c550938f56ff6dac83702251a143f87cb3a6c71a50d8723955290832d9960913 1680855 libheif_1.11.0.orig.tar.gz
 3570d7047912ce44f9341dc1b0c61d8b6fc0467312c61fd84bb957395e9c734c 10040 libheif_1.11.0-1+deb11u2.debian.tar.xz
 2479a2563d3d1d625ee56bf326f0eecf0de05a0b0c23bc5a1673c21c4617da29 11233 libheif_1.11.0-1+deb11u2_amd64.buildinfo
Files:
 8a44c1202dc678492905739aa54dd768 2318 libs optional libheif_1.11.0-1+deb11u2.dsc
 1927b1507d33eaf2b8714239d9dbbde8 1680855 libs optional libheif_1.11.0.orig.tar.gz
 4fe5d7fac2c18cc9558d62b57d5fca0b 10040 libs optional libheif_1.11.0-1+deb11u2.debian.tar.xz
 8bcaf317d5b206fc5722d8d25ce29b6b 11233 libs optional libheif_1.11.0-1+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----