Your message dated Sat, 07 May 2022 11:34:18 +0000
with message-id <[email protected]>
and subject line Bug#1010671: fixed in libsdl2-ttf 2.0.18+dfsg-3
has caused the Debian Bug report #1010671,
regarding libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1010671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010671
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libsdl2-ttf-dev
Version: 2.0.18+dfsg-2
Severity: important
Tags: security
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libsdl2-ttf.

CVE-2022-27470[0]:
| SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
| memory write via the function TTF_RenderText_Solid(). This
| vulnerability is triggered via a crafted TTF file.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27470

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libsdl2-ttf-dev depends on:
ii  libc6-dev          2.34-0experimental2
ii  libsdl2-dev        2.0.22+dfsg-3
ii  libsdl2-ttf-2.0-0  2.0.18+dfsg-2

libsdl2-ttf-dev recommends no packages.

libsdl2-ttf-dev suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: libsdl2-ttf
Source-Version: 2.0.18+dfsg-3
Done: Simon McVittie <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libsdl2-ttf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated libsdl2-ttf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 07 May 2022 11:34:44 +0100
Source: libsdl2-ttf
Architecture: source
Version: 2.0.18+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian SDL packages maintainers <[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1010671
Changes:
 libsdl2-ttf (2.0.18+dfsg-3) unstable; urgency=medium
 .
   * Team upload
   * Add patches from upstream to fix overflows
     - Integer overflow with crafted/malicious TTF files
       (Closes: #1010671, CVE-2022-27470)
     - Buffer overflow if memory allocation fails

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
