CVE-2023-27102 (https://github.com/strukturag/libde265/issues/393): Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. CVE-2023-27103 (https://github.com/strukturag/libde265/issues/394): Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Fixed on master.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f80c722f81bc42138bdc85f2f713ea3fa1e14dff commit f80c722f81bc42138bdc85f2f713ea3fa1e14dff Author: Christopher Fore <csfore@posteo.net> AuthorDate: 2024-01-20 16:16:02 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-05-03 11:17:32 +0000 media-libs/libde265: add 1.0.15, security bump Bump libsdl dependency to libsdl2 Bug: https://bugs.gentoo.org/905099 Signed-off-by: Christopher Fore <csfore@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/34683 Signed-off-by: Sam James <sam@gentoo.org> media-libs/libde265/Manifest | 1 + media-libs/libde265/libde265-1.0.15.ebuild | 95 ++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+)
