[ubuntu/focal-security] libde265 1.0.4-1ubuntu0.3 (Accepted)
Fabian Toepfer
fabian.toepfer at canonical.com
Mon Feb 26 18:52:16 UTC 2024
libde265 (1.0.4-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2022-43245.patch: fix illegal table access
      when input pixel is out of range.
    - CVE-2022-43245
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2022-43249.patch: checking in MC whether
      bit-depths match.
    - CVE-2022-43244
    - CVE-2022-43249
    - CVE-2022-43250
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2022-47665.patch: image's ctb_info has to be
      reallocated also when dimensions change even if total number of
      CTBs stays the same.
    - CVE-2022-47665
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24751.patch: another MC fix for
      monochrome images.
    - CVE-2023-24751
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24752.patch: another MC fix for
      monochrome images.
    - CVE-2023-24752
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24754.patch: fix for monochrome MC.
    - CVE-2023-24754
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24755.patch: fix for monochrome MC.
    - CVE-2023-24755
    - CVE-2023-24756
    - CVE-2023-24757
    - CVE-2023-24758
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-25221.patch: check for invalid refIdx.
    - CVE-2023-25221
  * Add patches:
    - d/p/check-for-negative-q-values-in-invalid-input-streams.patch
Date: 2024-02-14 20:20:38.726820+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/libde265/1.0.4-1ubuntu0.3