Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: bf072fbf by Hugo Lefeuvre at 2019-07-21T20:40:47Z CVE-2018-3977: add follow-up fix https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8 is obviously broken, ty is sanitized instead of y which is the actual index variable. Add follow up fix. Also, remove no-dsa triage for jessie since this issue will be addressed in the next upload. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -81208,12 +81208,11 @@ CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Wo CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...) - libsdl2-image 2.0.3+dfsg1-3 (bug #912617) [stretch] - libsdl2-image <no-dsa> (Minor issue) - [jessie] - libsdl2-image <no-dsa> (Minor issue) - sdl-image1.2 1.2.12-10 (bug #912618) [stretch] - sdl-image1.2 <no-dsa> (Minor issue) - [jessie] - sdl-image1.2 <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645 NOTE: https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8 + NOTE: follow-up fix (TALOS-2019-0842): https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 CVE-2018-3976 (An exploitable out-of-bounds write exists in the CALS Raster file form ...) NOT-FOR-US: Canvas Draw CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the RTF- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf072fbfe0f0650838671c70f61010ec97e86a9f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf072fbfe0f0650838671c70f61010ec97e86a9f You're receiving this email because of your account on salsa.debian.org.
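Review bot: The fixed-version lines in the CVE-2018-3977 entry, "- libsdl2-image 2.0.3+dfsg1-3 (bug #912617)" and "- sdl-image1.2 1.2.12-10 (bug #912618)", are left untouched, although the commit message says the first fix (rev 170d7d32e4a8) sanitizes ty instead of y. If those uploads carry only the first revision, the entry still reports them as fixed; please confirm whether they also include rev b1a80aec2b10, and adjust the versions if they do not. The [stretch] no-dsa lines also stay while both [jessie] lines are dropped, and the commit message explains only jessie, so a word on whether stretch needs re-triage after the follow-up would help. Finally, the new NOTE names TALOS-2019-0842 without a link, whereas TALOS-2018-0645 has its own NOTE with the report URL; adding the matching report URL would keep the entry consistent.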
