Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 386c1155 by Hugo Lefeuvre at 2019-05-28T15:01:49Z CVE-2019-12219: affects libsdl-image, not libsdl Very similar to CVE-2019-12220 and CVE-2019-12222. The vulnerability lies in the sdl_image code base. Those three CVEs are most likely duplicates, but for some reason the paths are different. It is very unlikely that MITRE will accept to reject them as duplicates. See patch proposal and report on upstream bug tracker: https://bugzilla.libsdl.org/show_bug.cgi?id=4625#c1 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -389,14 +389,13 @@ CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer [jessie] - sdl-image1.2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627 CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...) - - libsdl2 <unfixed> - [stretch] - libsdl2 <no-dsa> (Minor issue) - [jessie] - libsdl2 <no-dsa> (Minor issue) - - libsdl1.2 <unfixed> - [stretch] - libsdl1.2 <no-dsa> (Minor issue) - [jessie] - libsdl1.2 <no-dsa> (Minor issue) + - libsdl2-image <unfixed> + [stretch] - libsdl2-image <no-dsa> (Minor issue) + [jessie] - libsdl2-image <no-dsa> (Minor issue) + - sdl-image1.2 <unfixed> + [stretch] - sdl-image1.2 <no-dsa> (Minor issue) + [jessie] - sdl-image1.2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625 - TODO: check details and correct vulnerability location CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...) - libsdl2-image <unfixed> [jessie] - libsdl2-image <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/386c115501f1ca6b4cd83c0f995ca6a01a869e53 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/386c115501f1ca6b4cd83c0f995ca6a01a869e53 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
