libde265 (1.0.4-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2023-27102.patch: check whether referenced
      PPS exists.
    - CVE-2023-27102
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-27103.patch: check for valid slice
      header index access.
    - CVE-2023-27103
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-43887.patch: fix buffer overflow via the
      num_tile_columns and num_tile_row parameters in the function
      pic_parameter_set::dump.
    - CVE-2023-43887
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-47471.patch: check for null-pointer in
      function slice_segment_header::dump_slice_segment_header.
    - CVE-2023-47471
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-49465.patch: fix buffer overflow via the
      derive_spatial_luma_vector_prediction function.
    - CVE-2023-49465
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-49467.patch: prevent endless loop in
      decode_ref_idx_lX function when numRefIdxLXActive is invalid.
    - CVE-2023-49467
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-49468.patch: sanitize values if IPM is
      uninitialized in get_IntraPredMode function.
    - CVE-2023-49468

 -- Fabian Toepfer <fabian.toepfer@canonical.com>  Fri, 01 Mar 2024 10:52:18 +0100

libde265 (1.0.4-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2022-43245.patch: fix illegal table access
      when input pixel is out of range.
    - CVE-2022-43245
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2022-43249.patch: checking in MC whether
      bit-depths match.
    - CVE-2022-43244
    - CVE-2022-43249
    - CVE-2022-43250
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2022-47665.patch: image's ctb_info has to be
      reallocated also when dimensions change even if total number of
      CTBs stays the same.
    - CVE-2022-47665
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24751.patch: another MC fix for
      monochrome images.
    - CVE-2023-24751
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24752.patch: another MC fix for
      monochrome images.
    - CVE-2023-24752
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24754.patch: fix for monochrome MC.
    - CVE-2023-24754
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24755.patch: fix for monochrome MC.
    - CVE-2023-24755
    - CVE-2023-24756
    - CVE-2023-24757
    - CVE-2023-24758
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-25221.patch: check for invalid refIdx.
    - CVE-2023-25221
  * Add patches:
    - d/p/check-for-negative-q-values-in-invalid-input-streams.patch

 -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 14 Feb 2024 20:39:49 +0100

libde265 (1.0.4-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2021-35452.patch: fix check for valid PPS idx.
    - CVE-2021-35452
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2021-36409.patch: fix assertion when reading
      invalid scaling_list.
    - CVE-2021-36409
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2021-36410.patch: fix MC with HDR chroma, but
      SDR luma.
    - CVE-2021-36410
  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2021-36411.patch: fix reading invalid images
      where shdr references are NULL in part of the image.
    - CVE-2021-36411
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2022-43236.patch: check that image bit-depth
      matches SPS bit depth.
    - CVE-2022-43235
    - CVE-2022-43236
    - CVE-2022-43248
    - CVE-2022-43253
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2022-43237.patch: check that image chroma
      format matches the SPS chroma format.
    - CVE-2022-43237
    - CVE-2022-43243
    - CVE-2022-43252
  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2022-43238.patch: check that image size
      matches sps.
    - CVE-2022-43238
    - CVE-2022-43239
    - CVE-2022-43240
    - CVE-2022-43241
    - CVE-2022-43242
  * Add d/p/fix-invalid-memory-access-after-unavailable-reference-frame-insertion.patch

 -- Fabian Toepfer <fabian.toepfer@canonical.com>  Tue, 06 Feb 2024 16:51:20 +0100

libde265 (1.0.4-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow vulnerability
    - debian/patches/CVE-2020-21596.patch: initialize newly created
      CABAC model table.
    - CVE-2020-21596
  * SECURITY UPDATE: heap buffer overflow vulnerability
    - debian/patches/CVE-2020-21605.patch: return error when PCM bits
      parameter exceeds pixel depth.
    - CVE-2020-21595
    - CVE-2020-21599
    - CVE-2020-21600
    - CVE-2020-21601
    - CVE-2020-21602
    - CVE-2020-21603
    - CVE-2020-21604
    - CVE-2020-21605
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2021-36408.patch: fix streams where SPS image
      size changes without refreshing PPS.
    - CVE-2020-21597
    - CVE-2020-21598
    - CVE-2020-21606
    - CVE-2021-36408

 -- Fabian Toepfer <fabian.toepfer@canonical.com>  Fri, 26 Jan 2024 20:57:57 +0100

libde265 (1.0.4-1build1) focal; urgency=medium

  * No-change rebuild for libgcc-s1 package name change.

 -- Matthias Klose <doko@ubuntu.com>  Sun, 22 Mar 2020 16:45:42 +0100

libde265 (1.0.4-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * Use debhelper-compat instead of debian/compat

  [ Joachim Bauch ]
  * Imported Upstream version 1.0.4
  * Enable hardening.
  * Specify Build-Depends-Package in symbols.
  * Ignore more internal STL symbols.
  * Bump "Standards-Version" to 4.4.1
  * Update to debhelper compat level 12.

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database, Repository, Repository-
    Browse.

  [ Sebastian Ramacher ]
  * debian/rules: Remove obsolete dh_strip override

 -- Joachim Bauch <bauch@struktur.de>  Fri, 20 Dec 2019 12:17:15 +0100

libde265 (1.0.3-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field
  * d/control: Set Vcs-* to salsa.debian.org

  [ Felipe Sateler ]
  * Change maintainer address to debian-multimedia@lists.debian.org

  [ Joachim Bauch ]
  * Imported Upstream version 1.0.3
  * Update patches for new upstream version.
  * Update symbols for new upstream version.
  * Update standards version and switch to debhelper 10.

 -- Joachim Bauch <bauch@struktur.de>  Thu, 19 Apr 2018 11:44:40 +0200

libde265 (1.0.2-2) unstable; urgency=low

  [ Joachim Bauch ]
  * Added patch by Andreas Cadhalpun to fix compilation with FFmpeg 2.9
    (Closes: #803834)
  * Updated symbols file for new C++11 symbols.

  [ Sebastian Ramacher ]
  * Migrate to automatic dbg packages.
  * debian/control: Remove some unnecessary Build-Depends.

 -- Joachim Bauch <bauch@struktur.de>  Mon, 11 Jan 2016 19:12:19 +0100

libde265 (1.0.2-1) unstable; urgency=low

  * Imported Upstream version 1.0.2
  * Added new files to copyright information.
  * Only export decoder API and update symbols for new version.

 -- Joachim Bauch <bauch@struktur.de>  Thu, 16 Jul 2015 11:07:46 +0200

libde265 (0.9-1) unstable; urgency=low

  * Updated symbols to make all "std::vector" symbols optional.
  * Imported Upstream version 0.9
  * Removed deprecated patch to update symbols visibility. Changes were
    applied upstream.
  * Upstream supports compiling against Qt5, prefer that over Qt4.
  * Added new symbols from new upstream release.

 -- Joachim Bauch <bauch@struktur.de>  Tue, 16 Sep 2014 18:47:14 +0200

libde265 (0.8-1) unstable; urgency=low

  * Initial release. (Closes: #744190)

 -- Joachim Bauch <bauch@struktur.de>  Fri, 08 Aug 2014 17:23:37 +0200
