Felix Geyer pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4c00bb2e by Felix Geyer at 2019-09-17T20:33:09Z
Mark CVE-2019-13626 as not affecting libsdl1.2
Support for 24-bit PCM WAVE has been introduced in SDL 2.0.
Additionally the unchecked encoded variable end in IMA_ADPCM_decode() is
already covered by CVE-2019-7574.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8102,11 +8102,9 @@ CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x
through 2.0.9 has a heap-base
[buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
[jessie] - libsdl2 <no-dsa> (Minor issue)
- - libsdl1.2 <unfixed>
- [buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- [jessie] - libsdl1.2 <no-dsa> (Minor issue)
+ - libsdl1.2 <not-affected> (Vulnerable code added later)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4522
+ NOTE: 24-bit PCM WAVE introduced in SDL 2.0
CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or
restore ...)
- ghidra <itp> (bug #923851)
CVE-2019-13624 (In ONOS 1.15.0,
apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c00bb2e798bacc343d61f67347a4a13cd1291a4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c00bb2e798bacc343d61f67347a4a13cd1291a4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
