Closed pkern closed 1 year ago
fancycode
commented
1 year ago There is a release 1.0.9 that contains the latest fixes for which I'm currently updating the packaging at "https://salsa.debian.org/multimedia-team/libde265".
@farindk will release another version once more fixes are available.
farindk
commented
1 year ago I've just released v1.0.10 which fixes all known and reproducible issues.
@fancycode Could you please build the Debian package for this as they would like to have this in the next Debian stable release in two weeks: https://github.com/strukturag/libde265/pull/372#issuecomment-1406157474 There are no API changes.
farindk
commented
1 year ago I have added a couple more fixes for crashes that were reported today. I propose to release v1.0.11 including these.
@fancycode Let me know when you are ready to compile the Debian packages. Then I'll tag v1.0.11.
@coldtobi FYI
coldtobi
commented
1 year ago @fancycode any updates? (I'd do another NMU update with the new version + possible patches sine 1.10.0 otherwise, possibly this Saturday, as this will be required to fix the CVEs in bullseye.)
@farindk (FYI)
farindk
commented
1 year ago I have released v1.0.11.
fancycode
commented
1 year ago @coldtobi I'm trying to finish packaging for 1.0.11 today
fancycode
commented
1 year ago New packaging is uploaded to mentors (https://mentors.debian.net/package/libde265/) and waiting for being accepted.
fancycode
commented
1 year ago I think this can be closed now, @farindk what do you think?
farindk
commented
1 year ago @fancycode Thank you for building the package.
There are various fixed CVEs in the repository (see e.g. Debian bug #1014977 for a list). Would it be possible to cut a new (tested) upstream release for inclusion into distributions?
For what it's worth there are also some older unfixed CVEs as well per Debian bug #1004963. (Aside from the recent flurry of even more fuzzing related bugs.)
Thanks!