Debian Patches

Status for libvpx/1.15.0-2.1+deb13u1

Patch: 0001-Relax-ABI-check.patch
Description: Relax ABI check
We have symbol files and version dependencies to properly track this.
Author: Sebastian Ramacher <sramacher@debian.org>
Forwarded: no
Last update: 2021-08-31

Patch: 0002-Do-not-undefine-_FORTIFY_SOURCE.patch
Description: Do not undefine _FORTIFY_SOURCE
Author: Sebastian Ramacher <sramacher@debian.org>
Forwarded: no
Last update: 2023-10-05

Patch: vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch
Description: vpx_codec_enc_init_multi: fix double free on init failure
In `vp8e_init()`, the encoder would take ownership of
`mr_cfg.mr_low_res_mode_info` even if `vp8_create_compressor()` failed.
This caused confusion at the call site as other failures in
`vp8e_init()` did not result in ownership transfer and the caller would
free the memory. In the case of `vp8_create_compressor()` failure both
the caller and `vpx_codec_destroy()` would free the memory, causing a
crash. `mr_*` related variables are now cleared on failure to prevent
this situation.
Author: James Zern <jzern@google.com>
Forwarded: yes
Origin: upstream
Last update: 2025-04-30

Patch: CVE-2026-2447.patch
Description: commit d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1

write_superframe_index: return 0 if buffer is full

write_superframe_index() should return the number of bytes written to
ctx->pending_cx_data. If ctx->pending_cx_data is full,
write_superframe_index() doesn't write the optional superframe index, so
it should return 0 in this case. Add an assertion that would have
detected this bug. Add and clarify comments for code related to this
bug.

Also fix the buffer full check. The check should not assume that
ctx->pending_cx_data is equal to ctx->cx_data, and the check had an
off-by-one error.

The bug was introduced when write_superframe_index() was added in the
following CLs:
https://chromium-review.googlesource.com/c/webm/libvpx/+/44659
https://chromium-review.googlesource.com/c/webm/libvpx/+/45268

Bug: oss-fuzz:476466137
Change-Id: Ie113568cf25acc73f8af640a3c51cfdb5b900613
Author: Wan-Teh Chang <wtc@google.com>
Forwarded: no
Last update: 2026-01-21
