[ubuntu/mantic-proposed] libvpx 1.12.0-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Oct 5 13:30:46 UTC 2023 

libvpx (1.12.0-1ubuntu2) mantic; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in vp8 encoding
    - debian/patches/CVE-2023-5217-1.patch: add ConfigResizeChangeThreadCount
      to test/encode_api_test.cc.
    - debian/patches/CVE-2023-5217-2.patch: disallow thread count changes
      in test/encode_api_test.cc, vp8/encoder/onyx_if.c.
    - CVE-2023-5217
  * SECURITY UPDATE: Width mishandling in vp9 encoding
    - debian/patches/CVE-2023-44488.patch: fix bug with smaller width
      bigger size in test/resize_test.cc, vp9/common/vp9_alloccommon.c,
      vp9/encoder/vp9_encoder.c.
    - CVE-2023-44488

Date: Mon, 02 Oct 2023 06:43:10 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libvpx/1.12.0-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 02 Oct 2023 06:43:10 -0400
Source: libvpx
Built-For-Profiles: noudeb
Architecture: source
Version: 1.12.0-1ubuntu2
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libvpx (1.12.0-1ubuntu2) mantic; urgency=medium
 .
   * SECURITY UPDATE: Heap buffer overflow in vp8 encoding
     - debian/patches/CVE-2023-5217-1.patch: add ConfigResizeChangeThreadCount
       to test/encode_api_test.cc.
     - debian/patches/CVE-2023-5217-2.patch: disallow thread count changes
       in test/encode_api_test.cc, vp8/encoder/onyx_if.c.
     - CVE-2023-5217
   * SECURITY UPDATE: Width mishandling in vp9 encoding
     - debian/patches/CVE-2023-44488.patch: fix bug with smaller width
       bigger size in test/resize_test.cc, vp9/common/vp9_alloccommon.c,
       vp9/encoder/vp9_encoder.c.
     - CVE-2023-44488
Checksums-Sha1:
 cedfeffdf48b0ebeb7f7d06f30428c5a228ce30d 2352 libvpx_1.12.0-1ubuntu2.dsc
 45193ac3d365647cb22e7b9716c498449b2540ee 15560 libvpx_1.12.0-1ubuntu2.debian.tar.xz
 d68ee308a020094798ff38eb96b99e4ec2e44cd6 6278 libvpx_1.12.0-1ubuntu2_source.buildinfo
Checksums-Sha256:
 b9372cd2ff434ecabda79cfd659bddf66bcc6d57d0d411aad6466ebc41a18272 2352 libvpx_1.12.0-1ubuntu2.dsc
 15209ca2c1b52f24703bf1e8b97149aa3f80ad853ff58b717ce4eba516417cfa 15560 libvpx_1.12.0-1ubuntu2.debian.tar.xz
 74fac4f8f089dc3276b469728b9a3d66911b9d462aac60f8d9979c5ed2d32757 6278 libvpx_1.12.0-1ubuntu2_source.buildinfo
Files:
 0a938ea3a6269c22755636df413ed67b 2352 video optional libvpx_1.12.0-1ubuntu2.dsc
 232829b77dbbb6a8679f40587c943c64 15560 video optional libvpx_1.12.0-1ubuntu2.debian.tar.xz
 16d9509627332af41f5386a4d9ee8bbe 6278 video optional libvpx_1.12.0-1ubuntu2_source.buildinfo
Original-Maintainer: Debian Multimedia Maintainers <debian-multimedia at lists.debian.org>

More information about the mantic-changes mailing list