Bug#933218: stretch-pu: package libsdl2-image/2.0.1+dfsg-2+deb9u2

To: Hugo Lefeuvre <hle@debian.org>, 933218@bugs.debian.org
Subject: Bug#933218: stretch-pu: package libsdl2-image/2.0.1+dfsg-2+deb9u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 27 Jul 2019 13:47:46 -0300
Message-id: <[🔎] 738eb8ab9d7f3589b88dc4b25657f818@mail.adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 933218@bugs.debian.org
In-reply-to: <[🔎] 20190727163205.GA1207@behemoth.owl.eu.com.local>
References: <[🔎] 20190727163205.GA1207@behemoth.owl.eu.com.local> <[🔎] 20190727163205.GA1207@behemoth.owl.eu.com.local>

Control: tags -1 + confirmed

On 2019-07-27 13:32, Hugo Lefeuvre wrote:

libsdl2-image is currently affected by the following security issues in
stretch:

* CVE-2018-3977: Heap buffer overflow.

* CVE-2019-5052: integer overflow and subsequent buffer overflow in
  IMG_pcx.c.

* CVE-2019-5051: heap-based buffer overflow in IMG_pcx.c.

* CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c).

* CVE-2019-12216, CVE-2019-12217,
  CVE-2019-12218, CVE-2019-12219,
  CVE-2019-12220, CVE-2019-12221,
  CVE-2019-12222: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c).

(for more information, see #932754)


Please go ahead; thanks.

Regards,

Adam

Reply to:

References:
- Bug#933218: stretch-pu: package libsdl2-image/2.0.1+dfsg-2+deb9u2
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Bug#932318: buster-pu: package unzip/6.0-23+deb10u1
Next by Date: Processed: Re: Bug#933218: stretch-pu: package libsdl2-image/2.0.1+dfsg-2+deb9u2
Previous by thread: Bug#933218: stretch-pu: package libsdl2-image/2.0.1+dfsg-2+deb9u2
Next by thread: Processed: Re: Bug#933218: stretch-pu: package libsdl2-image/2.0.1+dfsg-2+deb9u2
Index(es):
- Date
- Thread