Closed pkern closed 1 year ago
There is a release 1.0.9 that contains the latest fixes for which I'm currently updating the packaging at "https://salsa.debian.org/multimedia-team/libde265".
@farindk will release another version once more fixes are available.
I've just released v1.0.10 which fixes all known and reproducible issues.
@fancycode Could you please build the Debian package for this as they would like to have this in the next Debian stable release in two weeks: https://github.com/strukturag/libde265/pull/372#issuecomment-1406157474 There are no API changes.
I have added a couple more fixes for crashes that were reported today. I propose to release v1.0.11 including these.
@fancycode Let me know when you are ready to compile the Debian packages. Then I'll tag v1.0.11.
@coldtobi FYI
@fancycode any updates? (I'd do another NMU update with the new version + possible patches sine 1.10.0 otherwise, possibly this Saturday, as this will be required to fix the CVEs in bullseye.)
@farindk (FYI)
I have released v1.0.11.
@coldtobi I'm trying to finish packaging for 1.0.11 today
New packaging is uploaded to mentors (https://mentors.debian.net/package/libde265/) and waiting for being accepted.
I think this can be closed now, @farindk what do you think?
@fancycode Thank you for building the package.
There are various fixed CVEs in the repository (see e.g. Debian bug #1014977 for a list). Would it be possible to cut a new (tested) upstream release for inclusion into distributions?
For what it's worth there are also some older unfixed CVEs as well per Debian bug #1004963. (Aside from the recent flurry of even more fuzzing related bugs.)
Thanks!