[ubuntu/focal-security] libde265 1.0.4-1ubuntu0.2 (Accepted)

[Fabian Toepfer]

libde265 (1.0.4-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2021-35452.patch: fix check for valid PPS idx.
    - CVE-2021-35452
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2021-36409.patch: fix assertion when reading
      invalid scaling_list.
    - CVE-2021-36409
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2021-36410.patch: fix MC with HDR chroma, but
      SDR luma.
    - CVE-2021-36410
  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2021-36411.patch: fix reading invalid images
      where shdr references are NULL in part of the image.
    - CVE-2021-36411
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2022-43236.patch: check that image bit-depth
      matches SPS bit depth.
    - CVE-2022-43235
    - CVE-2022-43236
    - CVE-2022-43248
    - CVE-2022-43253
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2022-43237.patch: check that image chroma
      format matches the SPS chroma format.
    - CVE-2022-43237
    - CVE-2022-43243
    - CVE-2022-43252
  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2022-43238.patch: check that image size
      matches sps.
    - CVE-2022-43238
    - CVE-2022-43239
    - CVE-2022-43240
    - CVE-2022-43241
    - CVE-2022-43242
  * Add d/p/fix-invalid-memory-access-after-unavailable-reference-frame-insertion.patch

Date: 2024-02-07 19:58:15.032525+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/libde265/1.0.4-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.