libde265 - Debian Package Tracker

general

source: libde265 (main)
version: 1.0.8-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Alessio Treglia [DMD] – Joachim Bauch [DMD]
arch: any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.2-2
oldstable: 1.0.3-1
stable: 1.0.8-1
testing: 1.0.8-1
unstable: 1.0.8-1

versioned links

1.0.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libde265-0
libde265-dev (1 bugs: 0, 0, 1, 0)
libde265-examples

action needed

Marked for autoremoval on 30 June due to nvidia-graphics-drivers-tesla-470: #1011146 high

Version 1.0.8-1 of libde265 is marked for autoremoval from testing on Thu 30 Jun 2022. It depends (transitively) on nvidia-graphics-drivers-tesla-470, affected by #1011146. You should try to prevent the removal by fixing these RC bugs.

Created: 2022-05-24 Last update: 2022-05-25 14:44

19 security issues in sid high

There are 19 open security issues in sid.

19 important issues:

CVE-2022-1253: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
CVE-2020-21594: libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.
CVE-2020-21595: libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
CVE-2020-21596: libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVE-2020-21597: libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
CVE-2020-21598: libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
CVE-2020-21599: libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
CVE-2020-21600: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21601: libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.
CVE-2020-21602: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21603: libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.
CVE-2020-21604: libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.
CVE-2020-21605: libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.
CVE-2020-21606: libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.
CVE-2021-35452: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
CVE-2021-36408: An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
CVE-2021-36409: There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
CVE-2021-36410: A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
CVE-2021-36411: An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Created: 2021-09-17 Last update: 2022-04-13 05:00

19 security issues in buster high

There are 19 open security issues in buster.

2 important issues:

CVE-2022-1253: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
CVE-2021-35452: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

17 issues left for the package maintainer to handle:

CVE-2020-21594: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.
CVE-2020-21595: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
CVE-2020-21596: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVE-2020-21597: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
CVE-2020-21598: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
CVE-2020-21599: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
CVE-2020-21600: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21601: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.
CVE-2020-21602: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21603: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.
CVE-2020-21604: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.
CVE-2020-21605: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.
CVE-2020-21606: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.
CVE-2021-36408: (needs triaging) An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
CVE-2021-36409: (needs triaging) There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
CVE-2021-36410: (needs triaging) A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
CVE-2021-36411: (needs triaging) An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-09-17 Last update: 2022-04-13 05:00

19 security issues in bullseye high

There are 19 open security issues in bullseye.

2 important issues:

CVE-2022-1253: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
CVE-2021-35452: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

17 issues left for the package maintainer to handle:

CVE-2020-21594: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.
CVE-2020-21595: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
CVE-2020-21596: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVE-2020-21597: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
CVE-2020-21598: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
CVE-2020-21599: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
CVE-2020-21600: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21601: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.
CVE-2020-21602: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21603: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.
CVE-2020-21604: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.
CVE-2020-21605: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.
CVE-2020-21606: (postponed; to be fixed through a stable update) libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.
CVE-2021-36408: (needs triaging) An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
CVE-2021-36409: (needs triaging) There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
CVE-2021-36410: (needs triaging) A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
CVE-2021-36411: (needs triaging) An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-09-17 Last update: 2022-04-13 05:00

19 security issues in bookworm high

There are 19 open security issues in bookworm.

19 important issues:

CVE-2022-1253: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
CVE-2020-21594: libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.
CVE-2020-21595: libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
CVE-2020-21596: libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVE-2020-21597: libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
CVE-2020-21598: libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
CVE-2020-21599: libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
CVE-2020-21600: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21601: libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.
CVE-2020-21602: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21603: libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.
CVE-2020-21604: libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.
CVE-2020-21605: libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.
CVE-2020-21606: libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.
CVE-2021-35452: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
CVE-2021-36408: An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
CVE-2021-36409: There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
CVE-2021-36410: A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
CVE-2021-36411: An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Created: 2021-09-17 Last update: 2022-04-13 05:00

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2021-08-14 Last update: 2022-05-25 14:32

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit fffc07b890b1785f0db1a402c405268f9ea72062
Author: Joachim Bauch <bauch@struktur.de>
Date:   Thu Dec 17 09:34:20 2020 +0100

    Add "Rules-Requires-Root: no".

Created: 2020-12-17 Last update: 2022-05-20 17:42

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:03

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-02-25 Last update: 2017-02-25 13:12

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).

Created: 2021-08-18 Last update: 2022-05-11 23:25

testing migrations

This package will soon be part of the auto-ffmpeg transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-12-22] libde265 1.0.8-1 MIGRATED to testing (Debian testing watch)
[2020-12-16] Accepted libde265 1.0.8-1 (source) into unstable (Joachim Bauch) (signed by: Sebastian Ramacher)
[2020-10-01] libde265 1.0.7-1 MIGRATED to testing (Debian testing watch)
[2020-10-01] libde265 1.0.7-1 MIGRATED to testing (Debian testing watch)
[2020-09-25] Accepted libde265 1.0.7-1 (source) into unstable (Joachim Bauch) (signed by: Sebastian Ramacher)
[2019-12-29] libde265 1.0.4-1 MIGRATED to testing (Debian testing watch)
[2019-12-24] Accepted libde265 1.0.4-1 (source) into unstable (Joachim Bauch) (signed by: Sebastian Ramacher)
[2018-04-25] libde265 1.0.3-1 MIGRATED to testing (Debian testing watch)
[2018-04-19] Accepted libde265 1.0.3-1 (source) into unstable (Joachim Bauch) (signed by: Sebastian Ramacher)
[2016-01-22] libde265 1.0.2-2 MIGRATED to testing (Debian testing watch)
[2016-01-11] Accepted libde265 1.0.2-2 (source) into unstable (Joachim Bauch) (signed by: Sebastian Ramacher)
[2015-07-27] libde265 1.0.2-1 MIGRATED to testing (Britney)
[2015-07-16] Accepted libde265 1.0.2-1 (source amd64) into unstable (Joachim Bauch) (signed by: Sebastian Ramacher)
[2014-09-27] libde265 0.9-1 MIGRATED to testing (Britney)
[2014-09-16] Accepted libde265 0.9-1 (source amd64) into unstable (Joachim Bauch) (signed by: Sebastian Ramacher)
[2014-08-22] libde265 0.8-1 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 3
RC: 1
I&N: 1
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (0, 2)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0.8-1