Hi, > If my understanding is correct, some patches in libsdl2 > (2.0.2+dfsg1-6+deb8u1) as applied in Jessie cause issues because they were > intended for libsdl1.2, not libsdl2. > The patch for CVE-2019-7637 causes regressions (more info here > <https://bugzilla.novell.com/show_bug.cgi?id=1124825>), the commit here > <https://hg.libsdl.org/SDL/rev/81a4950907a0> fixes the CVE. > The patch for CVEs CVE-2019-7635, CVE-2019-7638 and CVE-2019-7636 has > unreachable code. The commit here > <https://hg.libsdl.org/SDL/rev/7c643f1c1887> fixes CVE-2019-7635 and the > commit here <https://hg.libsdl.org/SDL/rev/07c39cbbeacf> fixes CVEs > CVE-2019-7638 and CVE-2019-7636. This looks like a regression, indeed. I will provide a regression update as soon as possible. regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature