Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85d09bd6 by Markus Koschany at 2023-02-09T00:44:58+01:00
Reserve DLA-3314-1 for libsdl2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10121,7 +10121,6 @@ CVE-2022-4744
 CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in 
GLES_CreateTex ...)
        - libsdl2 2.26.0+dfsg-1
        [bullseye] - libsdl2 <no-dsa> (Minor issue)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290
        NOTE: https://github.com/libsdl-org/SDL/pull/6269
        NOTE: Fixed by: 
https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b
 (prerelease-2.25.1)
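
Review bot: With the [buster] line gone, CVE-2022-4743 ends up fixed in buster through the DLA while the remaining context line "[bullseye] - libsdl2 <no-dsa> (Minor issue)" leaves the newer release unfixed. The libsdl2 entry removed from data/dla-needed.txt asked for a sync with bullseye, so consider flagging this CVE for a bullseye update so the fix is not lost on upgrade from buster to bullseye.
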
@@ -125975,7 +125974,6 @@ CVE-2021-33657 (There is a heap overflow problem in 
video/SDL_pixels.c in SDL (S
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 2.0.20+dfsg-2
        [bullseye] - libsdl2 2.0.14+dfsg2-3+deb11u1
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
 (release-2.0.20)
 CVE-2021-33656 (When setting font with malicous data by ioctl cmd 
PIO_FONT,kernel will ...)
@@ -204144,13 +204142,11 @@ CVE-2020-14410 (SDL (Simple DirectMedia Layer) 
through 2.0.12 has a heap-based b
        {DLA-2536-1}
        - libsdl1.2 <not-affected> (Only affects SDL2)
        - libsdl2 2.0.14+dfsg2-2
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
        NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
 CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer 
Overflow  ...)
        {DLA-2536-1}
        - libsdl2 2.0.14+dfsg2-2
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
        NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
        NOTE: Specific to SDL2, these checks were addresses in SDL 1.2 with 
CVE-2019-7637
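
Review bot: The "{DLA-2536-1}" cross-reference lines on CVE-2020-14410 and CVE-2020-14409 stay unchanged even though both IDs appear in the new DLA-3314-1 entry in data/DLA/list. If these brace lines are not regenerated by a later step, extend them in the multi-advisory form already used for CVE-2019-13616, "{DLA-2804-1 DLA-2536-1}", so each entry points at the advisory that fixes buster.
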
@@ -260560,7 +260556,6 @@ CVE-2019-13627 (It was discovered that there was a 
ECDSA timing attack in the li
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60
 (1.8.5)
 CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a 
heap-based buff ...)
        - libsdl2 2.0.10+dfsg1-1
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        [stretch] - libsdl2 <no-dsa> (Minor issue)
        [jessie] - libsdl2 <no-dsa> (Minor issue)
        - libsdl1.2 <not-affected> (Vulnerable code added later)
@@ -260601,7 +260596,6 @@ CVE-2019-13617 (njs through 0.3.3, used in NGINX, has 
a heap-based buffer over-r
 CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 ha ...)
        {DLA-2804-1 DLA-2536-1}
        - libsdl2 2.0.10+dfsg1-1
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        [jessie] - libsdl2 <postponed> (can be fixed along with more important 
patches)
        - libsdl1.2 1.2.15+dfsg2-5
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
@@ -279137,7 +279131,6 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
        NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
        NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
@@ -279158,7 +279151,6 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
        NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
        NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
@@ -279167,7 +279159,6 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        - sdl-image1.2 1.2.12-11 (bug #932755)
        [buster] - sdl-image1.2 1.2.12-10+deb10u1
        [stretch] - sdl-image1.2 1.2.12-5+deb9u2
@@ -279309,7 +279300,6 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
        NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
        NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
@@ -279318,7 +279308,6 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
        NOTE: https://hg.libsdl.org/SDL/rev/faf9abbcfb5f (SDL-1.2)
        NOTE: https://hg.libsdl.org/SDL/rev/416136310b88 (SDL-1.2)
@@ -279329,7 +279318,6 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4490
        NOTE: Proposed patch: 
https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
@@ -279339,7 +279327,6 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
        NOTE: https://hg.libsdl.org/SDL/rev/a936f9bd3e38 (SDL-1.2)
        NOTE: SDL2 was probably fixed during a refactoring, no targeted fix 
available:
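
Review bot: CVE-2019-7575 needs a NOTE naming the change that was backported for buster. The trailing context NOTE says SDL2 was probably fixed during a refactoring with no targeted fix available, yet the buster <no-dsa> line is dropped and DLA-3314-1 lists this CVE as fixed in 2.0.9+dfsg1-1+deb10u1, so nothing in the entry lets a later reader audit what was applied.
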
@@ -279349,7 +279336,6 @@ CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
        NOTE: https://hg.libsdl.org/SDL/rev/a6e3d2f5183e (SDL-1.2)
@@ -279360,7 +279346,6 @@ CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491
        NOTE: same patch as CVE-2019-7576
@@ -279372,7 +279357,6 @@ CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        - libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
        [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
        - libsdl2 2.0.10+dfsg1-1 (bug #924610)
-       [buster] - libsdl2 <no-dsa> (Minor issue)
        [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
        NOTE: https://hg.libsdl.org/SDL/rev/e52413f52586 (SDL-1.2)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Feb 2023] DLA-3314-1 libsdl2 - security update
+       {CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 
CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 
CVE-2019-13616 CVE-2019-13626 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 
CVE-2022-4743}
+       [buster] - libsdl2 2.0.9+dfsg1-1+deb10u1
 [08 Feb 2023] DLA-3313-1 wireshark - security update
        {CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 
CVE-2023-0417}
        [buster] - wireshark 2.6.20-0+deb10u5
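
Review bot: The CVE set on the added DLA-3314-1 entry skips CVE-2019-7637, going from CVE-2019-7636 straight to CVE-2019-7638. The only visible reference to that ID is the data/CVE/list NOTE saying those checks were addressed in SDL 1.2 with CVE-2019-7637, so confirm that its libsdl2 status for buster is recorded in its own entry. The 16 IDs listed do match the 16 removed "[buster] - libsdl2 <no-dsa>" lines in data/CVE/list.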


=====================================
data/dla-needed.txt
=====================================
@@ -127,11 +127,6 @@ libreoffice
   NOTE: 20221012: Programming language: C++.
   NOTE: 20230111: VCS: 
https://salsa.debian.org/lts-team/packages/libreoffice.git
 --
-libsdl2 (Markus Koschany)
-  NOTE: 20221111: Programming language: C.
-  NOTE: 20221111: Sync with jessie/stretch/bullseye (Beuc/front-desk)
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/libsdl2.git
---
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85d09bd6561a661e3fe017511079e24ff668839f


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
