libheif (1.6.1-1ubuntu0.1~esm3) focal-security; urgency=medium

  * SECURITY UPDATE: Information leak in decode.
    - debian/patches/CVE-2026-32814.patch: Initialize allocated memory to
      avoid information leak in libheif/heif_image.cc
    - CVE-2026-32814
  * SECURITY UPDATE: Heap overflow in HeifPixelImage.
    - debian/patches/CVE-2026-32882.patch: Fix overlay image with alpha
      channels with stride different from color channel in
      libheif/heif_image.cc
    - CVE-2026-32882

 -- Kyle Kernick <kyle.kernick@canonical.com>  Tue, 16 Jun 2026 18:06:22 -0600

libheif (1.6.1-1ubuntu0.1~esm2) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2024-25269.patch: Fix memory leaks in function
      JpegEncoder::Encode
    - CVE-2024-25269
  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2025-68431.patch: Fix wrong copy width in
      overlay images, thanks to Aldo Ristori
    - CVE-2025-68431

 -- Bruce Cable <bruce.cable@canonical.com>  Wed, 07 Jan 2026 17:32:44 +1100

libheif (1.6.1-1ubuntu0.1~esm1) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow and divide by zero
    - debian/patches/CVE-2020-23109.patch: internal image representation
      always in RGB
    - debian/patches/CVE-2023-0996.patch: JS: Fix copying of strided
      image data.
    - debian/patches/CVE-2023-29659.patch: do not reduce Fraction
      accuracy when it would result in a zero denominator (fixes #794)
    - CVE-2020-23109
    - CVE-2023-0996
    - CVE-2023-29659

 -- Allen Huang <allen.huang@canonical.com>  Tue, 18 Jun 2024 18:48:05 +0100

libheif (1.6.1-1build1) focal; urgency=medium

  * No-change rebuild for libgcc-s1 package name change.

 -- Matthias Klose <doko@ubuntu.com>  Sun, 22 Mar 2020 16:45:59 +0100

libheif (1.6.1-1) unstable; urgency=medium

  * Imported Upstream version 1.6.1

 -- Joachim Bauch <bauch@struktur.de>  Fri, 20 Dec 2019 10:31:19 +0100

libheif (1.6.0-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * Bump Standards-Version to 4.4.1

  [ Joachim Bauch ]
  * Imported Upstream version 1.6.0
  * Update symbls for new upstream version.
  * Install man pages.

 -- Joachim Bauch <bauch@struktur.de>  Fri, 08 Nov 2019 14:23:21 +0100

libheif (1.5.1-1) unstable; urgency=medium

  * Imported Upstream version 1.5.1
  * Update to debhelper compat level 12 and add debian/not-installed
  * Enable hardening.
  * Stop parsing changelog manually.
  * Fix "get-head-source" and don't include date in filename.
  * Specify "Build-Depends-Package" in symbols.

 -- Joachim Bauch <bauch@struktur.de>  Fri, 30 Aug 2019 10:30:36 +0200

libheif (1.5.0-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * Use debhelper-compat instead of debian/compat
  * Bump Standards-Version to 4.4.0

  [ Joachim Bauch ]
  * Imported Upstream version 1.5.0
  * Update symbols for new upstream version.
  * Add copyright entries for new files in test/
  * Add missing copyright entry for files in scripts/
  * The examples are MIT licensed since 1.4.0
  * Remove patches no longer needed (fixed upstream).

  [ Mattia Rizzolo ]
  * Drop now unneeded debian/source/include-binaries

 -- Joachim Bauch <bauch@struktur.de>  Fri, 16 Aug 2019 16:29:09 +0200

libheif (1.4.0-2) unstable; urgency=medium

  * Team upload.
  * Upload to unstable.
  * debian/patches: Apply upstream fixes for CVE-2019-11471. (Closes: #928210)

 -- Sebastian Ramacher <sramacher@debian.org>  Sat, 06 Jul 2019 15:37:07 +0200

libheif (1.4.0-1) experimental; urgency=medium

  * Imported Upstream version 1.4.0
  * Add new package containing the gdk-pixbuf loader.
  * Update "Standards-Version" to 4.3.0
  * Update symbols for new upstream version.

 -- Joachim Bauch <bauch@struktur.de>  Tue, 02 Apr 2019 10:17:10 +0200

libheif (1.3.2-1) unstable; urgency=medium

  * Imported Upstream version 1.3.2
  * Update "Standards-Version" to 4.1.4
  * Update symbols for new upstream version.

 -- Joachim Bauch <bauch@struktur.de>  Thu, 21 Jun 2018 15:40:05 +0200

libheif (1.2.0-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field

  [ Joachim Bauch ]
  * Imported Upstream version 1.2.0
  * Remove patch now in upstream.
  * Update symbols for new upstream version.
  * Add new package "heif-thumbnailer".

 -- Joachim Bauch <bauch@struktur.de>  Mon, 28 May 2018 16:12:56 +0200

libheif (1.1.0-2) unstable; urgency=medium

  * Add patch to fix compile errors on mips, ppc and other platforms.

 -- Joachim Bauch <bauch@struktur.de>  Thu, 19 Apr 2018 09:04:15 +0200

libheif (1.1.0-1) unstable; urgency=medium

  [ Joachim Bauch ]
  * d/control: Set Maintainer to Debian Multimedia Maintainers
  * d/control: Set Vcs-* to salsa.debian.org

  [ Felipe Sateler ]
  * Change maintainer address to debian-multimedia@lists.debian.org

  [ Joachim Bauch ]
  * Use default branch/tag names.
  * Imported Upstream version 1.1.0
  * Add dependency on "libx265-dev".
  * Update symbols for new upstream version.

 -- Joachim Bauch <bauch@struktur.de>  Wed, 18 Apr 2018 16:28:10 +0200

libheif (1.0.0-1) unstable; urgency=medium

  * Initial release. (Closes: #888278)

 -- Joachim Bauch <bauch@struktur.de>  Sun, 18 Mar 2018 14:55:50 +0100
