Bug#1056187: marked as done (libde265: CVE-2023-47471)



Your message dated Sun, 03 Dec 2023 12:32:11 +0000
with message-id <E1r9ldr-007MmU-VB@fasolo.debian.org>
and subject line Bug#1056187: fixed in libde265 1.0.11-1+deb12u1
has caused the Debian Bug report #1056187,
regarding libde265: CVE-2023-47471
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1056187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056187
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libde265
Version: 1.0.12-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/strukturag/libde265/issues/426
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libde265.

CVE-2023-47471[0]:
| Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows
| a local attacker to cause a denial of service via the
| slice_segment_header function in the slice.cc component.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47471
    https://www.cve.org/CVERecord?id=CVE-2023-47471
[1] https://github.com/strukturag/libde265/issues/426
[2] https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libde265
Source-Version: 1.0.11-1+deb12u1
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
libde265, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1056187@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated libde265 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Nov 2023 13:03:02 +0100
Source: libde265
Architecture: source
Version: 1.0.11-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1033257 1056187
Changes:
 libde265 (1.0.11-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2023-27102 (Closes: #1033257)
     fix segmentation violation in the
     function decoder_context::process_slice_segment_header
   * CVE-2023-27103
     fix heap buffer overflow in the
     function derive_collocated_motion_vectors
   * CVE-2023-43887
     fix buffer over-read in pic_parameter_set::dump
   * CVE-2023-47471 (Closes: #1056187)
     fix buffer overflow in the slice_segment_header function


--- End Message ---