[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2019-12221 affects libsdl2-image/sdl-image1.2, not libsdl2/libsdl1.2

Hi Hugo,

On Sat, May 25, 2019 at 03:12:40PM +0200, Hugo Lefeuvre wrote:
> Hi Salvatore,
> 
> > When the CVE first appeared it was not yet clear where exactly the
> > vulnerabilities lie, thus we kept the TODO as per 
> > 
> > TODO: check details and correct vulnerability location
> > 
> > Now that you apparently found the root cause and followed up upstream
> > in the bugzilla, right thing would be to replace the source package
> > tracking entries to the correct source. 
> > So basically replace tracking of slibsdl2 and libsdl1.2 with
> > libsdl2-image and sdl-image1.2 instead.
> 
> I see that you already did it, thanks! :)

yes did basically as same time as the reply.

Btw, if you did as well already check the respective other libsdl*
CVEs which were noch clear at the initial time and carry thus the same
TODO and the source tracking is correct, then please do remove there
as well the TODO item.

Regards,
Salvatore
Reply to: