libde265 (1.0.9-1.1) [PTS] [DDPO]

COMMITS: VCS has seen 8 commits since the debian/1.0.9-1 tag

Git: https://salsa.debian.org/multimedia-team/libde265.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 4599808
Browser: https://salsa.debian.org/multimedia-team/libde265
Last scan: 2023-01-22 16:03:01+00
Next scan: 2023-01-28 06:27:00+00

Debian changelog in Git:

libde265 (1.0.9-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Apply patches to mitigate asan failures:
    reject_reference_pics_from_different_sps.patch and
    use_sps_from_the_image.patch.
  * Combined, this two patches fixes:
    - CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816)
    - CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238,
      CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242,
      CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179)
    - CVE-2022-47655
  * Additional patch recycle_sps_if_possible.patch to avoid over-rejecting
    valid video streams due to reject_reference_pics_from_different_sps.patch.
  * Modifying past changelog entries to indicate when vulnerabilities were
    fixed:
    - In 1.0.9-1, in total 11 CVE's. see #1004963 and #1014999
    - In 1.0.3-1, 1 CVE, see #1029396
  * drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev
    (Closes: #981260)

 -- Tobias Frost <tobi@debian.org>  Sun, 22 Jan 2023 13:19:20 +0100

This branch is 8 commits ahead of tag debian/1.0.9-1

Git log:

commit 6348bc9c4e0ba7a8de24873706fca067f6966f33
Merge: 1e8445e d608dfd
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sun Jan 22 13:46:45 2023 +0000

    Merge branch 'tobi_NMU_15_CVE' into 'master'
    
    Tobi nmu 15 cve
    
    See merge request multimedia-team/libde265!3

commit d608dfd934948b226c127f0a49a12aeedf4242bd
Author: Tobias Frost <tobi@debian.org>
Date:   Sun Jan 22 13:26:25 2023 +0100

    Make my patch less noisy.

commit ae4dc960bf4781103dd9cf51eb90882e28b75e15
Author: Tobias Frost <tobi@debian.org>
Date:   Sun Jan 22 13:19:33 2023 +0100

    Touch changelog.

commit 7ca2c432e2dd3ed5b346e64ed3abeda0dfbb4c79
Author: Tobias Frost <tobi@debian.org>
Date:   Sun Jan 22 13:09:15 2023 +0100

    drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev, Closes: #981260

commit 6b216650c91f3dcc1529991d8504ba08073bb3a6
Author: Tobias Frost <tobi@debian.org>
Date:   Sun Jan 22 12:37:02 2023 +0100

    Add more CVE references to the changelog.

commit 47407ace0b37d53e59f2ef894917d4415e004207
Author: Tobias Frost <tobi@debian.org>
Date:   Sun Jan 22 09:39:10 2023 +0100

    Add notations which CVEs where fixed with 1.0.9-1, see #1004963 for details.

commit 7586408092d3d047e334550298e9a5e943255e9b
Author: Tobias Frost <tobi@debian.org>
Date:   Sat Jan 21 18:02:23 2023 +0100

    Enable salsa cI.

commit 01e1b8d4637dd4859e96020f2ce664c4b789dad5
Author: Tobias Frost <tobi@debian.org>
Date:   Sat Jan 21 17:58:53 2023 +0100

    Try to fix 15 CVE's