main/libde265: security upgrade to 1.0.15 (!58086) · Merge requests · alpine / aports

Krassy Boykinov requested to merge chereskata/aports:libde265 into master Dec 29, 2023

https://github.com/strukturag/libde265/compare/v1.0.12...v1.0.15

Changelog


v1.0.15 - maintenance Latest

A couple of bug fixes, including the following CVEs:

    CVE-2023-49465 - #435
    CVE-2023-49467 - #434
    CVE-2023-49468 - #432


v1.0.14 - build fix

This fixes build-time SSE detection when using the CMake build system.
No other changes than that. You don't need to update if you are using the autotools build system.


v1.0.13 - maintenance release

This release fixes among other smaller issues the following crashes:

    #413 SEGV:occured in function main at dec265.cc
    #414 Memory allocation failed in function main at dec265.cc
    #418 Buffer over-read causes segmentation fault in pic_parameter_set::dump
    #419 Potential segmentation fault due to incorrect realloc in CABAC_encoder_bitstream::check_size_and_resize (unused function)
    #426 SEGV in libde265 in slice_segment_header::dump_slice_segment_header
    #427 Libde265 v1.0.12 was discovered that requested allocation size exceeds maximum supported size of 0x10000000000
    #429 heap-buffer-overflow in derive_spatial_luma_vector_prediction(...)

https://github.com/strukturag/libde265/releases

main/libde265: security upgrade to 1.0.15

Merge request reports