[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libsdl2-image security issues in testing

Hi Felix,

(CC-ing #932754 which tracks this issue)

> > I have prepared a jessie (LTS) update addressing libsdl2-image's current
> > security issues. I will coordinate with the security team to possibly fix
> > them in a future stretch/buster point update.
> > 
> > Are you planning to address these issues in testing?  Packaging upstream's
> > latest 2.0.5 release should be sufficient, but they can also be addressed
> > with more targeted fixes.
> > 
> > I can provide some help if needed.
> Thanks for your work!
> I'm preparing a 2.0.5 upload right now.

Great, thanks!

> As far as I can tell all CVEs in the tracker are fixed with 2.0.5.
> Do you agree?


By the way, I had a second look and it appears that CVE-2019-5051 was also
fixed by the jessie LTS upload. CVE-2019-5051 is also a member of the
CVE-2019-12221 family, and is therefore fixed by [0].


[0] https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: