[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libsdl2 patches cause regressions in Jessie


> If my understanding is correct, some patches in libsdl2
> (2.0.2+dfsg1-6+deb8u1) as applied in Jessie cause issues because they were
> intended for libsdl1.2, not libsdl2.
> The patch for CVE-2019-7637 causes regressions (more info here
> <https://bugzilla.novell.com/show_bug.cgi?id=1124825>), the commit here
> <https://hg.libsdl.org/SDL/rev/81a4950907a0> fixes the CVE.
> The patch for CVEs CVE-2019-7635, CVE-2019-7638 and CVE-2019-7636 has
> unreachable code. The commit here
> <https://hg.libsdl.org/SDL/rev/7c643f1c1887> fixes CVE-2019-7635 and the
> commit here <https://hg.libsdl.org/SDL/rev/07c39cbbeacf> fixes CVEs
> CVE-2019-7638 and CVE-2019-7636.

This looks like a regression, indeed. I will provide a regression update
as soon as possible.


                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: