Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 46a58742 by Hugo Lefeuvre at 2019-05-28T14:30:30Z CVE-2019-12222: affects libsdl-image, not libsdl After investigating the issue, I found out that the vulnerability lies in the sdl_image code base. See patch proposal and report on upstream bug tracker: https://bugzilla.libsdl.org/show_bug.cgi?id=4621#c1 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -365,14 +365,13 @@ CVE-2019-12224 CVE-2019-12223 RESERVED CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...) - - libsdl2 <unfixed> - [stretch] - libsdl2 <no-dsa> (Minor issue) - [jessie] - libsdl2 <no-dsa> (Minor issue) - - libsdl1.2 <unfixed> - [stretch] - libsdl1.2 <no-dsa> (Minor issue) - [jessie] - libsdl1.2 <no-dsa> (Minor issue) + - libsdl2-image <unfixed> + [stretch] - libsdl2-image <no-dsa> (Minor issue) + [jessie] - libsdl2-image <no-dsa> (Minor issue) + - sdl-image1.2 <unfixed> + [stretch] - sdl-image1.2 <no-dsa> (Minor issue) + [jessie] - sdl-image1.2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621 - TODO: check details and correct vulnerability location CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...) - libsdl2-image <unfixed> [stretch] - libsdl2-image <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46a58742e2b2d6545462f5a05acf776680a41af3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46a58742e2b2d6545462f5a05acf776680a41af3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
