Format: 1.8
Date: Sun, 25 May 2025 21:37:01 -0300
Source: libavif
Architecture: source
Version: 0.8.4-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Carlos Henrique Lima Melara <charlesmelara@riseup.net>
Closes: 1105883 1105885
Changes:
 libavif (0.8.4-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * debian/gbp.conf: add file with minimal settings and debian/bullseye
     default.
   * debian/patches/:
     - CVE-2025-48174.patch: import patch from bookworm suggested by upstream
       and backport patch. (Closes: #1105885)
       + CVE-2025-48174: makeRoom in stream.c has an integer overflow and
         resultant buffer overflow in stream->offset+size.
     - CVE-2025-48175.patch: import patch from bookworm suggested by upstream
       and backport patch. (Closes: #1105883)
       + CVE-2025-48175: avifImageRGBToYUV in reformat.c has integer overflows
         in multiplications.
   * debian/salsa-ci.yml: add (E)LTS pipeline for bullseye.