Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 873bb439 by Hugo Lefeuvre at 2019-05-28T14:45:13Z dla-needed: update regarding sdl issues - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -55,8 +55,19 @@ libmatio (Adrian Bunk) NOTE: 20190526: work is ongoing -- libsdl1.2 (Hugo Lefeuvre) + NOTE: see libsdl2 entry. -- libsdl2 (Hugo Lefeuvre) + NOTE: recent issues received very few investigation. Some of them have already been + NOTE: triaged no-dsa, but I think we should at least process the TODOs to determine + NOTE: which product exactly is affected. + NOTE: Also, I don't know very much how these functions are called by reverse + NOTE: dependencies, but CVE-2019-12221 at least is not a completely a "harmless + NOTE: crasher" since I suspect it to allow for unlimited oob write on the heap. Hard + NOTE: to exploit, but not impossible I believe. +-- +libsdl2-image (Hugo Lefeuvre) + NOTE: see libsdl2 entry. -- libspring-java (Roberto C. Sánchez) NOTE: 20190527: Many <no-dsa> minor issues, some of them fixed in stretch. Most of @@ -111,6 +122,9 @@ ruby-omniauth (Abhijith PA) NOTE: CVE-2015-9284: known vulnerabilities. However the issue is rather old and the impact NOTE: CVE-2015-9284: may be rather large. When fixing this needs to be further investigated. -- +sdl-image1.2 (Hugo Lefeuvre) + NOTE: see libsdl2 entry. +-- simplesamlphp -- sysdig (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/873bb439c80876708571b0c61d765cb78786d5ea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/873bb439c80876708571b0c61d765cb78786d5ea You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
