
Bug#1056187: marked as done (libde265: CVE-2023-47471)



Your message dated Tue, 21 Nov 2023 12:49:17 +0000
with message-id <E1r5QBp-00EMBM-KH@fasolo.debian.org>
and subject line Bug#1056187: fixed in libde265 1.0.13-1
has caused the Debian Bug report #1056187,
regarding libde265: CVE-2023-47471
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1056187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056187
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libde265
Version: 1.0.12-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/strukturag/libde265/issues/426
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libde265.

CVE-2023-47471[0]:
| Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows
| a local attacker to cause a denial of service via the
| slice_segment_header function in the slice.cc component.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47471
    https://www.cve.org/CVERecord?id=CVE-2023-47471
[1] https://github.com/strukturag/libde265/issues/426
[2] https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libde265
Source-Version: 1.0.13-1
Done: Joachim Bauch <bauch@struktur.de>

We believe that the bug you reported is fixed in the latest version of
libde265, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1056187@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joachim Bauch <bauch@struktur.de> (supplier of updated libde265 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 21 Nov 2023 08:59:09 +0100
Source: libde265
Architecture: source
Version: 1.0.13-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Joachim Bauch <bauch@struktur.de>
Closes: 1038097 1056187
Changes:
 libde265 (1.0.13-1) unstable; urgency=medium
 .
   * New upstream version 1.0.13
   * Fixes CVE-2023-47471 (Closes: #1056187), CVE-2023-43887.
   * Update patches for new upstream version.
   * d/control: Upstream switched examples to SDL2 (Closes: #1038097).
   * Update symbols for new upstream version.

--- End Message ---
