Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1631f5e4 by Hugo Lefeuvre at 2019-05-29T13:32:51Z CVE-2019-12217: affects libsdl-image, not libsdl Very similar to CVE-2019-12221. The vulnerability lies in the sdl_image code base. As for other libsdl-image vulnerabilities, the paths are very different so it is very unlikely that MITRE will accept to reject them as duplicates. See patch proposal and report upstream side: https://bugzilla.libsdl.org/show_bug.cgi?id=4626#c1 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -512,14 +512,13 @@ CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620 TODO: check details and correct vulnerability location CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...) - - libsdl2 <unfixed> - [stretch] - libsdl1.2 <no-dsa> (Minor issue) - [jessie] - libsdl1.2 <no-dsa> (Minor issue) - - libsdl1.2 <unfixed> - [stretch] - libsdl2 <no-dsa> (Minor issue) - [jessie] - libsdl2 <no-dsa> (Minor issue) + - libsdl2-image <unfixed> + [stretch] - libsdl2-image <no-dsa> (Minor issue) + [jessie] - libsdl2-image <no-dsa> (Minor issue) + - sdl-image1.2 <unfixed> + [stretch] - sdl-image1.2 <no-dsa> (Minor issue) + [jessie] - sdl-image1.2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626 - TODO: check details and correct vulnerability location CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...) - libsdl2-image <unfixed> [jessie] - libsdl2-image <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1631f5e4dadadcc41d6ebc7e3bef829ea3c952bb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1631f5e4dadadcc41d6ebc7e3bef829ea3c952bb You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
