Accepted libde265 1.0.9-1.1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted libde265 1.0.9-1.1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 22 Jan 2023 13:52:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libde265_1.0.9-1.1_source.changes
- Debian-source: libde265
- Debian-suite: unstable
- Debian-version: 1.0.9-1.1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=g744TgLbIU5rcep2doMErop48LyGHuhQ59hM+12cBng=; b=tELF1zLagKq41LJW3XhZmV4ptE X+EFDocdhrXgEOSFFwm9NPvV5tTVc/stITigq2055vrd1tZtiqdBUHDg9sbZHcnNmEi3zMJ+wV5xD MzagrWuFfRsLrFf+nayoV7MqMLhbMSpWUH8iGLmFqjaoFRY/KKORqUK3RWjiK+QRJG8k6quH0BadX Td72OZeeoPMvdeDSDIbDo+Pn7Hpqj03fOVVlHQV6mLmNl5UUeioDQAUxJH+ND7qtgp8PUsyvIRh+B 6xA3XarthcPzYip010CSLc6Yv4jcGlMsa+ip7D+5NeohqwxwN9BMCc12sQ2Z8k7GeR/MKUtnIN36D ThZ+0SEA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pJali-00FTDi-N9@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 22 Jan 2023 13:19:20 +0100
Source: libde265
Architecture: source
Version: 1.0.9-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 981260 1025816 1027179
Changes:
libde265 (1.0.9-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply patches to mitigate asan failures:
reject_reference_pics_from_different_sps.patch and
use_sps_from_the_image.patch.
* Combined, this two patches fixes:
- CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816)
- CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238,
CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242,
CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179)
- CVE-2022-47655
* Additional patch recycle_sps_if_possible.patch to avoid over-rejecting
valid video streams due to reject_reference_pics_from_different_sps.patch.
* Modifying past changelog entries to indicate when vulnerabilities were
fixed:
- In 1.0.9-1, in total 11 CVE's. see #1004963 and #1014999
- In 1.0.3-1, 1 CVE, see #1029396
* drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev
(Closes: #981260)
Checksums-Sha1:
5f58eaa6a523799f75ddeb1693e67cd6df92f33d 2191 libde265_1.0.9-1.1.dsc
5deb84f56d664b48bca1631f4ebe9f1606e26b2c 14692 libde265_1.0.9-1.1.debian.tar.xz
12457f42d40f939bdd001bde40b57e55aec0e0e8 11956 libde265_1.0.9-1.1_amd64.buildinfo
Checksums-Sha256:
8fa29401baca0bc787757dc0902a97d018b53fb3497073f861826c2637da3f2d 2191 libde265_1.0.9-1.1.dsc
826543b6b744eebf94c8f609ec52928537b7404fb17bcc546a0f3bab94379d61 14692 libde265_1.0.9-1.1.debian.tar.xz
75634a7841bf52d2334031fe6bcc01bfe70567aa514b431f8e4dbae903cf2cd6 11956 libde265_1.0.9-1.1_amd64.buildinfo
Files:
85fe80afbe181b55be13e351a7da4635 2191 libs optional libde265_1.0.9-1.1.dsc
c143d86a75bc57a84cfba105e78552a4 14692 libs optional libde265_1.0.9-1.1.debian.tar.xz
2616d9b53a013a68ba1234d4f6ae1a6a 11956 libs optional libde265_1.0.9-1.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmPNLHQACgkQkWT6HRe9
XTaHNw//dZp4OeNK3t3hQRMDZSKLOjwmgLGUaYBC6IZQi9mU7NUWKdPiK9uO58TV
y0NPpycqhVHMaicNDHazflNmYe8Wf1pEkLTQpKUEz8cYzQmThpW08lctSmCW1oBT
pbTwMxHS/QQAz8k3UFTOiWuZS/g7P8o+I2g6Csm1iSHZTa6m0N18G7J2ZIBzOIQh
PckHSst0rSFYd1JaWWI5OMrtah2eGYWENgKZK8OjpkrKVeEIyGj3R7ijRjETGwpY
IxTzDimgt+WuY6jKVqZlJfWLp8UeqBAWWtxjvTddFryOkMXulb8TpbgaaboNBBad
Ed1i9T/o7PO1OLiuXwquAXGFkpPlw4HN/Fpl75PfMcmWVv61J3xZi3+KCbR6uKSN
KxHZ8MoaKYzNo5dsRGKSG+sMT8dvJ3+Q/I3Kg3TdoKnwFAMCnVD4vD9q5WlAd/5P
MoGjDYNn1T/9Ht5TVXRVbWcr21xy/BcaOSl1EEL7quyGga28QpUlairBsHSegihl
LCtoQ4BLsl5XBokLniexWmg+ejLIjjvu3khtqDgs9ktpFmrq/2E7Lc2kTZto50QV
XKlAMKxGn6t94IP7Vgq4il4TM9QyqZfWcaRazhAV0lYrTnyvpl8+sB9X0XRcZGeu
pCACCNMQFbHdulsBAUz0e+wfOG4NbxtrMwh7uYhagJGHxs5EdLA=
=+pqO
-----END PGP SIGNATURE-----