- libde265 (1.0.9-1+rpi1) bookworm-staging; urgency=medium
++libde265 (1.0.9-1.1+rpi1) bookworm-staging; urgency=medium
+
+ [changes brought forward from 1.0.2-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 04 Oct 2015 21:44:10 +0000]
+ * Disable neon.
+
- -- Raspbian forward porter <root@raspbian.org> Tue, 01 Nov 2022 19:37:16 +0000
++ -- Raspbian forward porter <root@raspbian.org> Sun, 29 Jan 2023 07:57:27 +0000
++
+ libde265 (1.0.9-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply patches to mitigate asan failures:
+ reject_reference_pics_from_different_sps.patch and
+ use_sps_from_the_image.patch.
+ * Combined, this two patches fixes:
+ - CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816)
+ - CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238,
+ CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242,
+ CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179)
+ - CVE-2022-47655
+ * Additional patch recycle_sps_if_possible.patch to avoid over-rejecting
+ valid video streams due to reject_reference_pics_from_different_sps.patch.
+ * Modifying past changelog entries to indicate when vulnerabilities were
+ fixed:
+ - In 1.0.9-1, in total 11 CVE's. see #1004963 and #1014999
+ - In 1.0.3-1, 1 CVE, see #1029396
+ * drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev
+ (Closes: #981260)
+
+ -- Tobias Frost <tobi@debian.org> Sun, 22 Jan 2023 13:19:20 +0100
libde265 (1.0.9-1) unstable; urgency=medium
projects / libde265.git / commitdiff