From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 15 Feb 2024 21:06:56 +0000 (+0000)
Subject: Merge version 1.0.11-0+deb11u1+rpi1 and 1.0.11-0+deb11u3 to produce 1.0.11-0+deb11u3... 
X-Git-Tag: archive/raspbian/1.0.11-0+deb11u3+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b24f8a2e243bd164e33efadb9dcf55aeb19ed1ff;p=libde265.git

Merge version 1.0.11-0+deb11u1+rpi1 and 1.0.11-0+deb11u3 to produce 1.0.11-0+deb11u3+rpi1
---

b24f8a2e243bd164e33efadb9dcf55aeb19ed1ff
diff --cc debian/changelog
index 8bedea5,cda5d7e..6cab492
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,31 +1,38 @@@
- libde265 (1.0.11-0+deb11u1+rpi1) bullseye-staging; urgency=medium
++libde265 (1.0.11-0+deb11u3+rpi1) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 1.0.2-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 04 Oct 2015 21:44:10 +0000]
 +  * Disable neon.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Sun, 12 Feb 2023 01:07:52 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 15 Feb 2024 21:06:55 +0000
++
+ libde265 (1.0.11-0+deb11u3) bullseye; urgency=high
+ 
+   * Non-maintainer upload by the LTS Team.
+     (Closes: #1059275)
+   * CVE-2023-49465
+     heap-buffer-overflow in derive_spatial_luma_vector_prediction()
+   * CVE-2023-49467
+     heap-buffer-overflow in derive_combined_bipredictive_merging_candidates()
+   * CVE-2023-49468
+     global buffer overflow in read_coding_unit()
+ 
+  -- Thorsten Alteholz <debian@alteholz.de>  Fri, 29 Dec 2023 23:03:02 +0100
+ 
+ libde265 (1.0.11-0+deb11u2) bullseye; urgency=high
+ 
+   * Non-maintainer upload by the LTS Team.
+   * CVE-2023-27102 (Closes: #1033257)
+     fix segmentation violation in the
+     function decoder_context::process_slice_segment_header
+   * CVE-2023-27103
+     fix heap buffer overflow in the
+     function derive_collocated_motion_vectors
+   * CVE-2023-43887
+     fix buffer over-read in pic_parameter_set::dump
+   * CVE-2023-47471 (Closes: #1056187)
+     fix buffer overflow in the slice_segment_header function
+ 
+  -- Thorsten Alteholz <debian@alteholz.de>  Sun, 26 Nov 2023 13:03:02 +0100
  
  libde265 (1.0.11-0+deb11u1) bullseye-security; urgency=high
  
diff --cc debian/patches/series
index b9b42f0,8e17d29..3a7f904
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -3,4 -3,12 +3,12 @@@ disable_tools.patc
  reject_reference_pics_from_different_sps.patch
  use_sps_from_the_image.patch
  recycle_sps_if_possible.patch
+ 
+ CVE-2023-27102.patch
+ CVE-2023-27103.patch
+ CVE-2023-43887.patch
+ CVE-2023-47471.patch
 -
+ CVE-2023-49465.patch
+ CVE-2023-49467.patch
+ CVE-2023-49468.patch
 +disable-neon.patch