From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 4 Jan 2024 22:53:15 +0000 (+0000)
Subject: Merge version 1.0.11-0+deb10u5+rpi1 and 1.0.11-0+deb10u6 to produce 1.0.11-0+deb10u6... 
X-Git-Tag: raspbian/1.0.11-0+deb10u6+rpi1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=13474fe9aca4148c83000bb802b700617965ac0d;p=libde265.git

Merge version 1.0.11-0+deb10u5+rpi1 and 1.0.11-0+deb10u6 to produce 1.0.11-0+deb10u6+rpi1
---

30fbea0b0a5a073ac13cbc430de45ddf82841e11
diff --cc debian/changelog
index a2c3512,08bac60..40967ae
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,14 +1,21 @@@
- libde265 (1.0.11-0+deb10u5+rpi1) buster-staging; urgency=medium
++libde265 (1.0.11-0+deb10u6+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought forward from 1.0.2-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 04 Oct 2015 21:44:10 +0000]
 +  * Disable neon.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 01 Dec 2023 04:27:57 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 04 Jan 2024 22:53:14 +0000
++
+ libde265 (1.0.11-0+deb10u6) buster-security; urgency=high
+ 
+   * Non-maintainer upload by the LTS Team.
+   * CVE-2023-49465
+     heap-buffer-overflow in derive_spatial_luma_vector_prediction()
+   * CVE-2023-49467
+     heap-buffer-overflow in derive_combined_bipredictive_merging_candidates()
+   * CVE-2023-49468
+     global buffer overflow in read_coding_unit()
+ 
+  -- Thorsten Alteholz <debian@alteholz.de>  Fri, 29 Dec 2023 23:03:02 +0100
  
  libde265 (1.0.11-0+deb10u5) buster-security; urgency=medium
  
diff --cc debian/patches/series
index 6a0e030,7fc88c4..40e275b
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -7,4 -7,8 +7,8 @@@ CVE-2023-27102.patc
  CVE-2023-27103.patch
  CVE-2023-43887.patch
  CVE-2023-47471.patch
+ 
+ CVE-2023-49465.patch
+ CVE-2023-49467.patch
+ CVE-2023-49468.patch
 -
 +disable-neon.patch