Skip to content

[automatic] Publish 2 advisories for libde265_jll#556

Open
jlsec-bot wants to merge 1 commit into
JuliaLang:mainfrom
jlsec-bot:libde265_jll
Open

[automatic] Publish 2 advisories for libde265_jll#556
jlsec-bot wants to merge 1 commit into
JuliaLang:mainfrom
jlsec-bot:libde265_jll

Conversation

@jlsec-bot

@jlsec-bot jlsec-bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

This action searched libde265_jll for advisories that pertain here. It identified 2 advisories as being related to the Julia package(s): libde265_jll.

⚠ There are 2 advisories with unbounded vulnerabilities

The publication of unbounded advisories is significantly more impactful and, if at all possible, should be addressed in the packages directly

2 advisories affect artifacts provided by libde265_jll

These identifications depend upon accurately tracked artifact metadata in GeneralMetadata.jl. Packages are only listed as affected if they have such tracking, and the vulnerable status (and version numbers themselves) are highly dependent on the accuracy of this metadata. Improvements can be made directly to GeneralMetadata.jl; it is automatically populated on a best-effort basis and manual edits are preserved.

Package and upstream project information

Advisory summaries

  • JLSEC-0000-CVE-2026-49295 (from: CVE-2026-49295 EUVD-2026-38079) for upstream project(s):

    • struktur:libde265 at versions: < 1.0.20, mapping to
      • libde265_jll at versions: *
  • JLSEC-0000-CVE-2026-49346 (from: CVE-2026-49346 EUVD-2026-38080) for upstream project(s):

    • struktur:libde265 at versions: < 1.1.0, mapping to
      • libde265_jll at versions: *

@lgoettgens

Copy link
Copy Markdown

JuliaPackaging/Yggdrasil#14207

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants