Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
345adbdf by Hugo Lefeuvre at 2019-08-09T12:28:29Z
CVE-2019-13616: add commit links, also affects -image
Vulnerability also present in IMG_bmp.c from sdl-image.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3380,7 +3380,13 @@ CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a
heap-based buffer over-r
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
- libsdl2 <unfixed>
- libsdl1.2 <unfixed>
+ - libsdl2-image <unfixed>
+ - sdl-image1.2 <unfixed>
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
+ NOTE: libsdl2: https://hg.libsdl.org/SDL/rev/e7ba650a643a
+ NOTE: libsdl1.2: https://hg.libsdl.org/SDL/rev/ad1bbfbca760
+ NOTE: libsdl2-image: https://hg.libsdl.org/SDL_image/rev/ba45f00879ba
+ NOTE: sdl-image1.2: https://hg.libsdl.org/SDL_image/rev/a59bfe382008
CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN
VLC Media ...)
- libebml 1.3.6-1 (low; bug #932241)
[stretch] - libebml <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/345adbdfc76aa1e45a63e19ce53f3e30bb48eade
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/345adbdfc76aa1e45a63e19ce53f3e30bb48eade
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
