Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e96ca12a by Moritz Muehlenhoff at 2026-07-01T10:35:18+02:00 new libde265 issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2026-45382 + - libde265 1.1.1-1 + NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-hwhx-x2mq-ccr9 +CVE-2026-45383 + - libde265 1.1.1-1 + NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-wg9q-ppqw-6q38 CVE-2026-54241 - libde265 1.1.1-1 NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-j2qq-x2xq-g9wr @@ -8661,7 +8667,7 @@ CVE-2026-50559 (Quarkus is a Java framework for building cloud-native applicatio CVE-2026-50519 (Initialization of a resource with an insecure default in GitHub Copilo ...) NOT-FOR-US: Microsoft CVE-2026-49346 (libde265 is an open source implementation of the h.265 video codec. Pr ...) - - libde265 <unfixed> (bug #1140431) + - libde265 1.1.1-1 (bug #1140431) NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-vv8h-932h-7r86 NOTE: Fixed by: https://github.com/strukturag/libde265/commit/8a1b5cf212f78e1c77cb46eb5d56e492a9336eb8 (v1.1.0) CVE-2026-49345 (Mercator is an open source web application that enables mapping of the ...) @@ -8678,11 +8684,11 @@ CVE-2026-49340 (gonic is a music streaming server / free-software subsonic serve CVE-2026-49338 (gonic is a music streaming server / free-software subsonic server API ...) NOT-FOR-US: gonic music streaming server CVE-2026-49337 (libde265 is an open source implementation of the h.265 video codec. Pr ...) - - libde265 <unfixed> (bug #1140431) + - libde265 1.1.1-1 (bug #1140431) NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-g5hj-rf9f-7vxm NOTE: Fixed by: https://github.com/strukturag/libde265/commit/683cb9fa603e35840642f98765ab95cdb71cadf9 (v1.1.0) CVE-2026-49295 (libde265 is an open source implementation of the h.265 video codec. Pr ...) - - libde265 <unfixed> (bug #1140431) + - libde265 1.1.1-1 (bug #1140431) NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-g2rg-wj66-w594 NOTE: Fixed by: https://github.com/strukturag/libde265/commit/691f3a3c55b3d32478c4a49895dee061a282652 (v1.1.0) CVE-2026-48794 (Authelia is an open-source authentication and authorization server pro ...) ===================================== data/dsa-needed.txt ===================================== @@ -50,6 +50,9 @@ kamailio kitty Maintainer proposed debdiff for review in https://bugs.debian.org/1139898#15 -- +libde265 + possibly best to move to 1.1.1 +-- libheif possibly best to move to 1.23.0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e96ca12a608e106c08f371f0fa2ee9d7f107dcaf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e96ca12a608e106c08f371f0fa2ee9d7f107dcaf You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
