[Git][security-tracker-team/security-tracker][master] 3 commits: Reserve DLA-2803-1 for libsdl2

Adrian Bunk (@bunk) Sun, 31 Oct 2021 02:01:22 -0700


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c6ac365b by Adrian Bunk at 2021-10-31T10:59:23+02:00
Reserve DLA-2803-1 for libsdl2

- - - - -
9655c96b by Adrian Bunk at 2021-10-31T11:00:01+02:00
dla: take libssh2

- - - - -
9bce96f6 by Adrian Bunk at 2021-10-31T11:00:28+02:00
dla: take libmspack

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -175281,7 +175281,6 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        [buster] - libsdl1.2 <no-dsa> (Minor issue)
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 2.0.6+dfsg1-4 (bug #924610)
-       [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
        NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f (SDL-1.2)
        NOTE: https://hg.libsdl.org/SDL/rev/32075e9e2135 (SDL-1.2)
@@ -295198,7 +295197,6 @@ CVE-2017-2889 (An exploitable Denial of Service 
vulnerability exists in the API
 CVE-2017-2888 (An exploitable integer overflow vulnerability exists when 
creating a n ...)
        {DLA-1714-2}
        - libsdl2 2.0.6+dfsg1-4 (bug #878264)
-       [stretch] - libsdl2 <no-dsa> (Minor issue)
        [jessie] - libsdl2 <no-dsa> (Minor issue)
        - libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface 
contains further check for too large width or height)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Oct 2021] DLA-2803-1 libsdl2 - security update
+       {CVE-2017-2888 CVE-2019-7637}
+       [stretch] - libsdl2 2.0.5+dfsg1-2+deb9u2
 [30 Oct 2021] DLA-2802-1 elfutils - security update
        {CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520 
CVE-2018-18521 CVE-2019-7150 CVE-2019-7665}
        [stretch] - elfutils 0.168-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -58,7 +58,9 @@ libgit2 (Utkarsh)
 --
 libsdl1.2 (Adrian Bunk)
 --
-libsdl2 (Adrian Bunk)
+libmspack (Adrian Bunk)
+--
+libssh2 (Adrian Bunk)
 --
 linux (Ben Hutchings)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82a20e6521f72ce712fb61742fd071ba5bcd01ee...9bce96f6456b9b1773b6b7076617bec6a4a85889

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82a20e6521f72ce712fb61742fd071ba5bcd01ee...9bce96f6456b9b1773b6b7076617bec6a4a85889
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: Reserve DLA-2803-1 for libsdl2

Reply via email to