
Bug#1056187: marked as done (libde265: CVE-2023-47471)



Your message dated Sat, 30 Dec 2023 19:47:26 +0000
with message-id <E1rJfIs-00D4Vd-SQ@fasolo.debian.org>
and subject line Bug#1056187: fixed in libde265 1.0.11-0+deb11u2
has caused the Debian Bug report #1056187,
regarding libde265: CVE-2023-47471
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1056187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056187
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libde265
Version: 1.0.12-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/strukturag/libde265/issues/426
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libde265.

CVE-2023-47471[0]:
| Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows
| a local attacker to cause a denial of service via the
| slice_segment_header function in the slice.cc component.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47471
    https://www.cve.org/CVERecord?id=CVE-2023-47471
[1] https://github.com/strukturag/libde265/issues/426
[2] https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libde265
Source-Version: 1.0.11-0+deb11u2
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
libde265, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1056187@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated libde265 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 26 Nov 2023 13:03:02 +0100
Source: libde265
Architecture: source
Version: 1.0.11-0+deb11u2
Distribution: bullseye
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1033257 1056187
Changes:
 libde265 (1.0.11-0+deb11u2) bullseye; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2023-27102 (Closes: #1033257)
     fix segmentation violation in the
     function decoder_context::process_slice_segment_header
   * CVE-2023-27103
     fix heap buffer overflow in the
     function derive_collocated_motion_vectors
   * CVE-2023-43887
     fix buffer over-read in pic_parameter_set::dump
   * CVE-2023-47471 (Closes: #1056187)
     fix buffer overflow in the slice_segment_header function

--- End Message ---
