Control: tags -1 + confirmed
On Thu, 2019-08-08 at 21:33 +0200, Hugo Lefeuvre wrote:
> Hi Salvatore,
>
> > > Done! You can find an updated debdiff for buster in attachment.
> > > The new
> > > debdiff ships CVE-2019-5058.patch which addresses the remaining
> > > issue in
> > > IMG_xcf.c.
> >
>
Hi Salvatore,
> > Done! You can find an updated debdiff for buster in attachment. The new
> > debdiff ships CVE-2019-5058.patch which addresses the remaining issue in
> > IMG_xcf.c.
>
> Is the attachment missing?
Right, attachment is missing! Better now :)
regards,
Hugo
--
Hi Hugo,
On Thu, Aug 08, 2019 at 03:21:31PM +0200, Hugo Lefeuvre wrote:
> Hi,
>
> > > Buster received [0] per 2.0.4+dfsg1-1, but not [1]. Even if I was aware
> > > that the initial patch was broken (see stretch patch descriptions), I
> > > failed to handle this properly in the buster version.
>
Hi,
> > Buster received [0] per 2.0.4+dfsg1-1, but not [1]. Even if I was aware
> > that the initial patch was broken (see stretch patch descriptions), I
> > failed to handle this properly in the buster version.
> >
> > As far as I remember, I did not upload this diff yet. I'll just provide an
>
Hi Hugo,
On Mon, Aug 05, 2019 at 08:28:00AM +0200, Hugo Lefeuvre wrote:
> Hi Salvatore,
>
> > Maybe I'm missing something but please double check. Can it be
> > that the stretch-pu upload contains the fix
> > https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 for TALOS-2019-0842
> > but the
Hi Salvatore,
> Maybe I'm missing something but please double check. Can it be
> that the stretch-pu upload contains the fix
> https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 for TALOS-2019-0842
> but the buster-pu one missed it? (Note this has a new CVE assigned
> CVE-2019-5058, the change
Hi Hugo,
Maybe I'm missing something but please double check. Can it be
that the stretch-pu upload contains the fix
https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 for TALOS-2019-0842
but the buster-pu one missed it? (Note this has a new CVE assigned
CVE-2019-5058, the change afaics is
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
libsdl2-image is currently affected by the following security issues:
* CVE-2019-5052: integer overflow and subsequent buffer overflow in
IMG_pcx.c.
* CVE-2019-5051: