
Bug#1033257: marked as done (libde265: CVE-2023-27102 CVE-2023-27103)



Your message dated Tue, 20 Jun 2023 21:13:43 +0200
with message-id <ZJH6Z8F9wlECS7UK@eldamar.lan>
and subject line Accepted libde265 1.0.12-1 (source) into unstable
has caused the Debian Bug report #1033257,
regarding libde265: CVE-2023-27102 CVE-2023-27103
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033257: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033257
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libde265
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2023-27102[0]:
| Libde265 v1.0.11 was discovered to contain a segmentation violation
| via the function decoder_context::process_slice_segment_header at
| decctx.cc.

https://github.com/strukturag/libde265/issues/393
https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1

CVE-2023-27103[1]:
| Libde265 v1.0.11 was discovered to contain a heap buffer overflow via
| the function derive_collocated_motion_vectors at motion.cc.

https://github.com/strukturag/libde265/issues/394
https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-27102
    https://www.cve.org/CVERecord?id=CVE-2023-27102
[1] https://security-tracker.debian.org/tracker/CVE-2023-27103
    https://www.cve.org/CVERecord?id=CVE-2023-27103

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libde265
Source-Version: 1.0.12-1

----- Forwarded message from Debian FTP Masters <ftpmaster@ftp-master.debian.org> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Jun 2023 09:10:00 +0200
Source: libde265
Architecture: source
Version: 1.0.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Joachim Bauch <bauch@struktur.de>
Changes:
 libde265 (1.0.12-1) unstable; urgency=medium
 .
   * New upstream version 1.0.12
   * Fixes CVE-2023-27102, CVE-2023-27103



----- End forwarded message -----

--- End Message ---
