Please create a new upstream release

[pkern]

There are various fixed CVEs in the repository (see e.g. Debian bug #1014977 for a list). Would it be possible to cut a new (tested) upstream release for inclusion into distributions?

For what it's worth there are also some older unfixed CVEs as well per Debian bug #1004963. (Aside from the recent flurry of even more fuzzing related bugs.)

Thanks!

[fancycode]

There is a release 1.0.9 that contains the latest fixes for which I'm currently updating the packaging at "https://salsa.debian.org/multimedia-team/libde265".

@farindk will release another version once more fixes are available.

[farindk]

I've just released v1.0.10 which fixes all known and reproducible issues.

@fancycode Could you please build the Debian package for this as they would like to have this in the next Debian stable release in two weeks: #372 (comment)
There are no API changes.

[farindk]

I have added a couple more fixes for crashes that were reported today.
I propose to release v1.0.11 including these.

@fancycode Let me know when you are ready to compile the Debian packages. Then I'll tag v1.0.11.

@coldtobi FYI

[coldtobi]

@fancycode any updates? (I'd do another NMU update with the new version + possible patches sine 1.10.0 otherwise, possibly this Saturday, as this will be required to fix the CVEs in bullseye.)

@farindk (FYI)

[farindk]

I have released v1.0.11.

[fancycode]

@coldtobi I'm trying to finish packaging for 1.0.11 today

[fancycode]

New packaging is uploaded to mentors (https://mentors.debian.net/package/libde265/) and waiting for being accepted.

[fancycode]

I think this can be closed now, @farindk what do you think?

[farindk]

@fancycode Thank you for building the package.