Tobias Frost [Mon, 12 Dec 2022 13:03:12 +0000 (14:03 +0100)]
[PATCH] Try to mitigate asan failures.
See #345 for my analysis and details…
(This PR is just for discussion.)
(The CVE references are obtained from the Debian security tracker,
which links the issues.)
This makes the following POCs stop failing:
- poc3 (#337)
- poc7-1 (#341) CVE-2022-43239 (note: does NOT fix poc7-2)
- poc8-2, poc8-3, poc8-4 (#342) CVE-2022-43244 (note: does NOT fix poc8-1)
- poc11-1, poc11-2 (#345) CVE-2022-43249
- poc12 (#346)
- poc13 (#347) CVE-2022-43252
- poc16 (#350)
Gbp-Pq: Name reject_reference_pics_from_different_sps.patch
Dirk Farin [Tue, 5 Apr 2022 18:00:20 +0000 (20:00 +0200)]
[PATCH] fix reading invalid images where shdr references are NULL in part of the image (#302)
Gbp-Pq: Name CVE-2021-36411.patch
Dirk Farin [Tue, 5 Apr 2022 17:27:04 +0000 (19:27 +0200)]
[PATCH] fix MC with HDR chroma, but SDR luma (#301)
Gbp-Pq: Name CVE-2021-36410.patch
Dirk Farin [Tue, 5 Apr 2022 15:53:43 +0000 (17:53 +0200)]
[PATCH] fix assertion when reading invalid scaling_list (#300)
Gbp-Pq: Name CVE-2021-36409.patch
Dirk Farin [Tue, 5 Apr 2022 16:41:28 +0000 (18:41 +0200)]
[PATCH] fix streams where SPS image size changes without refreshing PPS (#299)
Gbp-Pq: Name CVE-2021-36408.patch
Dirk Farin [Tue, 5 Apr 2022 17:35:46 +0000 (19:35 +0200)]
[PATCH] fix check for valid PPS idx (#298)
Gbp-Pq: Name CVE-2021-35452.patch
Dirk Farin [Tue, 23 Feb 2021 14:11:09 +0000 (15:11 +0100)]
[PATCH] return error when PCM bits parameter exceeds pixel depth (#225)
Gbp-Pq: Name CVE-2020-21599.patch
Debian Multimedia Maintainers [Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)]
fix invalid memory access after unavailable reference frame insertion
Origin: https://github.com/strukturag/libde265/commit/ee8e09a7f6f65b7c409c7801ad64918a2925ed9b
Reviewed-by: Tobias Frost <tobi@debian.org>
Last-Update: 2023-01-24 <YYYY-MM-DD, last update of the meta-information, optional>
Needed to avoid asan errors for the version at hand, otherwise the crash even
happens before the pocs trigger.
Last-Update: 2023-01-24 <YYYY-MM-DD, last update of the meta-information, optional>
Gbp-Pq: Name fix-invalid-memory-access.patch
Andreas Cadhalpun [Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)]
Replace deprecated FFmpeg API
Last-Update: <2015-11-02>
Gbp-Pq: Name ffmpeg_2.9.patch
Joachim Bauch [Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)]
Disable building of some internal tools that no longer link
because internal symbols are not exported.
Gbp-Pq: Name disable_tools.patch
Joachim Bauch [Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)]
Only export symbols defined in the decoder API.
The encoder API is not final yet, so upstream exports all symbols to make
development easier. For packaging we only want to expose the public API.
Gbp-Pq: Name only_export_decoder_api.patch
Tobias Frost [Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)]
libde265 (1.0.3-1+deb10u3) buster-security; urgency=medium
* Non-maintainer upload by the LTS Security Team.
* Source-only upload. (Last upload was accidentally a binary-upload)
[dgit import unpatched libde265 1.0.3-1+deb10u3]
Tobias Frost [Tue, 24 Jan 2023 21:39:16 +0000 (21:39 +0000)]
Import libde265_1.0.3-1+deb10u3.debian.tar.xz
[dgit import tarball libde265 1.0.3-1+deb10u3 libde265_1.0.3-1+deb10u3.debian.tar.xz]
Joachim Bauch [Thu, 19 Apr 2018 09:44:40 +0000 (10:44 +0100)]
Import libde265_1.0.3.orig.tar.gz
[dgit import orig libde265_1.0.3.orig.tar.gz]