libsdl1.2 (1.2.14-6.4ubuntu3.2) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-13616.patch: validate image size
      when loading BMP files in src/video/SDL_bmp.c.
    - CVE-2019-13616
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2019-7572*.patch: moving clamping the index
      value at beginning of IMA_ADPCM_nibble in src/audio/SDL_wave.c.
    - CVE-2019-7572
  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-7573-76.patch: check if MS ADPCK chunk
      was too short in src/audio/SDL_wave.c.
    - CVE-2019-7573
    - CVE-2019-7576
  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-7574.patch: check if data chunk
      was shorter than expected based on WAF format in
      src/audio/SDL_wave.c.
    - CVE-2019-7574
  * SECURITY UPDATE: Heap-based buffer overflow and buffer over-read
    - debian/patches/CVE-2019-7575-77-2.patch: check if
      a WAV format defines shorter audio stream in
      src/audio/SDL_wave.c.
    - debian/patches/CVE-2019-7577.patch: checks overread in
      src/audio/SDL_wave.c.
    - CVE-2019-7575
    - CVE-2019-7577
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7578.patch: fix in
      src/audio/SDL_wave.c.
    - CVE-2019-7578
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7635.patch: fix in
      src/video/SDL_bmp.c.
    - CVE-2019-7635
  * SECURITY UPDATE: heap-baed buffer over-read
    - debian/patches/CVE-2019-7636.patch: fix in
      src/video/SDL_bmp.c.
    - CVE-2019-7636
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-7637*.patch: fix in
      src/video/SDL_pixels.c, src/video/gapi/SDL_gapivideo.c.
    - CVE-2019-7637
  * fixing a patch error
    - debian/patches/fix_error_patching*.patch: in
      src/audio/SDL_wave.c, src/video/SDL_pixels.c.

Date: 2019-10-16 13:19:13.939551+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/libsdl1.2/1.2.14-6.4ubuntu3.2
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to