Ubuntu
libvpx package

Change logs for libvpx source package in Noble

  1. Noble (24.04)
  2. Change log 
  • libvpx (1.14.0-1ubuntu2.1) noble-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflows
    - debian/patches/CVE-2024-5197-pre1.patch: add test/vpx_image_test.cc.
    - debian/patches/CVE-2024-5197-1.patch: fix integer overflows in calc
      of stride_in_bytes in test/vpx_image_test.cc, vpx/src/vpx_image.c.
    - debian/patches/CVE-2024-5197-2.patch: avoid integer overflows in
      arithmetic operations in test/vpx_image_test.cc, vpx/src/vpx_image.c,
      vpx/vpx_image.h.
    - debian/patches/CVE-2024-5197-3.patch: fix a bug in alloc_size for
      high bit depths in vpx/src/vpx_image.c.
    - CVE-2024-5197

 -- Marc Deslauriers <email address hidden>  Wed, 05 Jun 2024 09:49:38 -0400
  • libvpx (1.14.0-1ubuntu2) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 02:20:28 +0000
  • libvpx (1.14.0-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/rules: Disable LTO (Closes: #1015532)

 -- Lukas Märdian <email address hidden>  Thu, 14 Mar 2024 16:49:55 +0100
  • libvpx (1.14.0-1) experimental; urgency=medium

  * New upstream version 1.14.0
    - SONAME bump: libvpx8 -> libvpx9
  * debian/copyright:
    - Update copyright years
    - Add myself

 -- Sebastian Ramacher <email address hidden>  Sat, 27 Jan 2024 12:56:19 +0100
  • libvpx (1.13.1-2ubuntu1) noble; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/rules: Disable LTO

libvpx (1.13.1-2) unstable; urgency=medium

  * Upload to unstable
  * debian/: Honor CPPFLAGS

libvpx (1.13.1-1) experimental; urgency=medium

  * New upstream version 1.13.1
    - SONAME bump: libvpx7 -> libvpx8
  * debian/patches: Drop patches included upstream
  * debian/: Remove no longer supported architectures
  * debian/control:
    - Add myself to uploaders
    - Bump Standards-Version

libvpx (1.12.0-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * encode_api_test: add ConfigResizeChangeThreadCount
  * VP8: disallow thread count changes (CVE-2023-5217) (Closes: #1053182)

 -- Mate Kukri <email address hidden>  Fri, 17 Nov 2023 09:45:41 +0000
  • libvpx (1.12.0-1ubuntu2) mantic; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in vp8 encoding
    - debian/patches/CVE-2023-5217-1.patch: add ConfigResizeChangeThreadCount
      to test/encode_api_test.cc.
    - debian/patches/CVE-2023-5217-2.patch: disallow thread count changes
      in test/encode_api_test.cc, vp8/encoder/onyx_if.c.
    - CVE-2023-5217
  * SECURITY UPDATE: Width mishandling in vp9 encoding
    - debian/patches/CVE-2023-44488.patch: fix bug with smaller width
      bigger size in test/resize_test.cc, vp9/common/vp9_alloccommon.c,
      vp9/encoder/vp9_encoder.c.
    - CVE-2023-44488

 -- Marc Deslauriers <email address hidden>  Mon, 02 Oct 2023 06:43:10 -0400