Felix Geyer pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4c00bb2e by Felix Geyer at 2019-09-17T20:33:09Z Mark CVE-2019-13626 as not affecting libsdl1.2 Support for 24-bit PCM WAVE has been introduced in SDL 2.0. Additionally the unchecked encoded variable end in IMA_ADPCM_decode() is already covered by CVE-2019-7574. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8102,11 +8102,9 @@ CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-base [buster] - libsdl2 <no-dsa> (Minor issue) [stretch] - libsdl2 <no-dsa> (Minor issue) [jessie] - libsdl2 <no-dsa> (Minor issue) - - libsdl1.2 <unfixed> - [buster] - libsdl1.2 <no-dsa> (Minor issue) - [stretch] - libsdl1.2 <no-dsa> (Minor issue) - [jessie] - libsdl1.2 <no-dsa> (Minor issue) + - libsdl1.2 <not-affected> (Vulnerable code added later) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4522 + NOTE: 24-bit PCM WAVE introduced in SDL 2.0 CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or restore ...) - ghidra <itp> (bug #923851) CVE-2019-13624 (In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c00bb2e798bacc343d61f67347a4a13cd1291a4
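Review bot: The added line "NOTE: 24-bit PCM WAVE introduced in SDL 2.0" records only one of the two reasons the commit message gives for the libsdl1.2 change. The second reason, that the unchecked end variable in IMA_ADPCM_decode() is already covered by CVE-2019-7574, does not appear anywhere in the CVE-2019-13626 entry in data/CVE/list. Because this hunk moves libsdl1.2 from <unfixed> to <not-affected> and drops the three per-release <no-dsa> lines, consider adding a further NOTE line that points to CVE-2019-7574 for the IMA_ADPCM_decode() part, so the full reasoning is visible in the entry itself without consulting the commit log.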