libde265 (1.0.11-0+deb10u6) buster-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2023-49465
    heap-buffer-overflow in derive_spatial_luma_vector_prediction()
  * CVE-2023-49467
    heap-buffer-overflow in derive_combined_bipredictive_merging_candidates()
  * CVE-2023-49468
    global buffer overflow in read_coding_unit()

 -- Thorsten Alteholz <debian@alteholz.de>  Fri, 29 Dec 2023 23:03:02 +0100

libde265 (1.0.11-0+deb10u5) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix: CVE-2023-27102, CVE-2023-27103, CVE-2023-43887 and CVE-2023-47471.

 -- Anton Gladky <gladk@debian.org>  Thu, 30 Nov 2023 17:31:53 +0100

libde265 (1.0.11-0+deb10u4) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Import new upstream version, based on the 1.0.11-0+deb11u1 package
    from bullseye.
    - fixing:
      CVE-2023-24751, CVE-2023-24752, CVE-2023-24754, CVE-2023-24755,
      CVE-2023-24756, CVE-2023-24757, CVE-2023-24758 and CVE-2023-25221.
    - dropping no longer needed patches that have been integrated or
      made obsolete by the new upstream version.

 -- Tobias Frost <tobi@debian.org>  Sat, 04 Mar 2023 17:01:58 +0100

libde265 (1.0.3-1+deb10u3) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Source-only upload. (Last upload was accidentially a binary-upload)

 -- Tobias Frost <tobi@debian.org>  Tue, 24 Jan 2023 22:39:16 +0100

libde265 (1.0.3-1+deb10u2) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Add patches:
    - reject_reference_pics_from_different_sps.patch
    - use_sps_from_the_image.patch
    - recycle_sps_if_possible.patch
  * Cherry-pick additional patches from upstream:
    check-4-negative-Q-value.patch
    CVE-2022-43245-fix-asan-wildpointer-apply_sao_internal.patch
  * Add patch "fix-invalid-memory-access.patch" to avoid out-of-bound
    array access leading to crashes.
  * Add patch CVE-2020-21596-global-buffer-overflow.patch
  * Add patch to avoid use-after-free problems.
  * Cumulative, the patches are fixing:
    CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2022-43235,
    CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239,
    CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243,
    CVE-2022-43244, CVE-2022-43245, CVE-2022-43248, CVE-2022-43249,
    CVE-2022-43250, CVE-2022-43252, CVE-2022-43253, CVE-2022-47655.
    (Closes: #1029357, #1029397, #1025816, #1027179)
   * Amend changelog of 1.0.3-1+deb10u1, as it turned out that the
     fix for CVE 2020-51999 and CVE 2021-36408 fixed other issues too.

 -- Tobias Frost <tobi@debian.org>  Tue, 24 Jan 2023 21:42:47 +0100

libde265 (1.0.3-1+deb10u1) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Cherry-pick upstream patches for:
    - CVE-2020-21599 (Closes #1014999)
    - CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36410 and
      CVE-2021-36411 (Closes: #1014977)
  * The fix for CVE-2020-21599 also fixed:
    CVE-2020-21595, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602,
    CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606
  * The fix for CVE-2021-36408 also fixed:
    CVE-2020-21597, CVE-2020-21598. (Closes: #1004963)

 -- Tobias Frost <tobi@debian.org>  Thu, 15 Dec 2022 17:40:12 +0100

libde265 (1.0.3-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field
  * d/control: Set Vcs-* to salsa.debian.org

  [ Felipe Sateler ]
  * Change maintainer address to debian-multimedia@lists.debian.org

  [ Joachim Bauch ]
  * Imported Upstream version 1.0.3
  * Update patches for new upstream version.
  * Update symbols for new upstream version.
  * Update standards version and switch to debhelper 10.

 -- Joachim Bauch <bauch@struktur.de>  Thu, 19 Apr 2018 11:44:40 +0200

libde265 (1.0.2-2) unstable; urgency=low

  [ Joachim Bauch ]
  * Added patch by Andreas Cadhalpun to fix compilation with FFmpeg 2.9
    (Closes: #803834)
  * Updated symbols file for new C++11 symbols.

  [ Sebastian Ramacher ]
  * Migrate to automatic dbg packages.
  * debian/control: Remove some unnecessary Build-Depends.

 -- Joachim Bauch <bauch@struktur.de>  Mon, 11 Jan 2016 19:12:19 +0100

libde265 (1.0.2-1) unstable; urgency=low

  * Imported Upstream version 1.0.2
  * Added new files to copyright information.
  * Only export decoder API and update symbols for new version.

 -- Joachim Bauch <bauch@struktur.de>  Thu, 16 Jul 2015 11:07:46 +0200

libde265 (0.9-1) unstable; urgency=low

  * Updated symbols to make all "std::vector" symbols optional.
  * Imported Upstream version 0.9
  * Removed deprecated patch to update symbols visibility. Changes were
    applied upstream.
  * Upstream supports compiling against Qt5, prefer that over Qt4.
  * Added new symbols from new upstream release.

 -- Joachim Bauch <bauch@struktur.de>  Tue, 16 Sep 2014 18:47:14 +0200

libde265 (0.8-1) unstable; urgency=low

  * Initial release. (Closes: #744190)

 -- Joachim Bauch <bauch@struktur.de>  Fri, 08 Aug 2014 17:23:37 +0200
