Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 85d09bd6 by Markus Koschany at 2023-02-09T00:44:58+01:00 Reserve DLA-3314-1 for libsdl2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -10121,7 +10121,6 @@ CVE-2022-4744 CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...) - libsdl2 2.26.0+dfsg-1 [bullseye] - libsdl2 <no-dsa> (Minor issue) - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290 NOTE: https://github.com/libsdl-org/SDL/pull/6269 NOTE: Fixed by: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b (prerelease-2.25.1) @@ -125975,7 +125974,6 @@ CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (S [stretch] - libsdl1.2 <no-dsa> (Minor issue) - libsdl2 2.0.20+dfsg-2 [bullseye] - libsdl2 2.0.14+dfsg2-3+deb11u1 - [buster] - libsdl2 <no-dsa> (Minor issue) [stretch] - libsdl2 <no-dsa> (Minor issue) NOTE: https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20) CVE-2021-33656 (When setting font with malicous data by ioctl cmd PIO_FONT,kernel will ...) @@ -204144,13 +204142,11 @@ CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based b {DLA-2536-1} - libsdl1.2 <not-affected> (Only affects SDL2) - libsdl2 2.0.14+dfsg2-2 - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200 NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...) {DLA-2536-1} - libsdl2 2.0.14+dfsg2-2 - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200 NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 NOTE: Specific to SDL2, these checks were addresses in SDL 1.2 with CVE-2019-7637 
@@ -260560,7 +260556,6 @@ CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the li NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5) CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buff ...) - libsdl2 2.0.10+dfsg1-1 - [buster] - libsdl2 <no-dsa> (Minor issue) [stretch] - libsdl2 <no-dsa> (Minor issue) [jessie] - libsdl2 <no-dsa> (Minor issue) - libsdl1.2 <not-affected> (Vulnerable code added later) @@ -260601,7 +260596,6 @@ CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-r CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) {DLA-2804-1 DLA-2536-1} - libsdl2 2.0.10+dfsg1-1 - [buster] - libsdl2 <no-dsa> (Minor issue) [jessie] - libsdl2 <postponed> (can be fixed along with more important patches) - libsdl1.2 1.2.15+dfsg2-5 [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 @@ -279137,7 +279131,6 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500 NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf @@ -279158,7 +279151,6 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499 NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2) 
@@ -279167,7 +279159,6 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) - sdl-image1.2 1.2.12-11 (bug #932755) [buster] - sdl-image1.2 1.2.12-10+deb10u1 [stretch] - sdl-image1.2 1.2.12-5+deb9u2 @@ -279309,7 +279300,6 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494 NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2) @@ -279318,7 +279308,6 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492 NOTE: https://hg.libsdl.org/SDL/rev/faf9abbcfb5f (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/416136310b88 (SDL-1.2) @@ -279329,7 +279318,6 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) [stretch] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4490 NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff 
@@ -279339,7 +279327,6 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493 NOTE: https://hg.libsdl.org/SDL/rev/a936f9bd3e38 (SDL-1.2) NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available: @@ -279349,7 +279336,6 @@ CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) [stretch] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496 NOTE: https://hg.libsdl.org/SDL/rev/a6e3d2f5183e (SDL-1.2) @@ -279360,7 +279346,6 @@ CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) [stretch] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491 NOTE: same patch as CVE-2019-7576 @@ -279372,7 +279357,6 @@ CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 <no-dsa> (Minor issue) [stretch] - libsdl2 <no-dsa> (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4495 NOTE: https://hg.libsdl.org/SDL/rev/e52413f52586 (SDL-1.2) ===================================== data/DLA/list ===================================== 
@@ -1,3 +1,6 @@ +[09 Feb 2023] DLA-3314-1 libsdl2 - security update + {CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 CVE-2019-13616 CVE-2019-13626 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 CVE-2022-4743} + [buster] - libsdl2 2.0.9+dfsg1-1+deb10u1 [08 Feb 2023] DLA-3313-1 wireshark - security update {CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0417} [buster] - wireshark 2.6.20-0+deb10u5 ===================================== data/dla-needed.txt ===================================== @@ -127,11 +127,6 @@ libreoffice NOTE: 20221012: Programming language: C++. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git -- -libsdl2 (Markus Koschany) - NOTE: 20221111: Programming language: C. - NOTE: 20221111: Sync with jessie/stretch/bullseye (Beuc/front-desk) - NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/libsdl2.git --- linux (Ben Hutchings) NOTE: 20230111: Programming language: C -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85d09bd6561a661e3fe017511079e24ff668839f
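Review bot: CVE-2019-7575, in the data/CVE/list hunk at @@ -279339,7 +279327,6 @@, still carries the context note "SDL2 was probably fixed during a refactoring, no targeted fix available:", while the new DLA-3314-1 entry in data/DLA/list lists CVE-2019-7575 as fixed in buster by libsdl2 2.0.9+dfsg1-1+deb10u1. With the buster "<no-dsa> (Minor issue)" line removed, nothing under that CVE says how the 2.0.9 code was fixed. Please add a NOTE there naming the change that was backported for buster, so the fixed status can be checked against the package later.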
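Review bot: CVE-2022-4743, in the first data/CVE/list hunk (@@ -10121,7 +10121,6 @@), loses only its buster line, so "[bullseye] - libsdl2 <no-dsa> (Minor issue)" stays while DLA-3314-1 lists the CVE as fixed in buster. After publication buster carries a fix that bullseye does not, and an upgrade from buster to bullseye brings the memory leak back. The dla-needed.txt hunk also deletes the "Sync with jessie/stretch/bullseye" note, which was the only visible reminder of that alignment. I would suggest recording the bullseye follow-up, for example as a NOTE under the CVE or a request for a point update, before dropping it.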