bbc0cdb21f
Release notes: https://github.com/strukturag/libheif/releases Version 1.19.6 fixes CVE-2025-43966 & CVE-2025-43967: https://github.com/strukturag/libheif/releases/tag/v1.19.6 Updated license hash due to upstream commit:377a957bd8Note: The patch for CVE-2025-43966 fixes libheif/image-items/iden.cc which was added in version 1.19.0. https://github.com/advisories/GHSA-7g9v-7vc7-pmrw The patch for CVE-2025-43967 does not apply cleanly to 1.18.2 even after renaming "/image-items/" to "/codecs/". Therefore, this patch is not backported. https://github.com/advisories/GHSA-c48q-x6xw-g5h8 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> [Julien: add justification from Bernd why the security fix is not backported] Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commitaccb006d9b) Signed-off-by: Thomas Perale <thomas.perale@mind.be>