Your message dated Mon, 03 Feb 2020 23:16:08 +0000
with message-id <[email protected]>
and subject line Bug#940934: fixed in libsdl2-image 2.0.5+dfsg1-2
has caused the Debian Bug report #940934,
regarding libsdl2-image: CVE-2019-13616
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
940934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940934
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsdl2-image
Version: 2.0.5+dfsg1-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
Hi,
The following vulnerability was published for libsdl2-image.
CVE-2019-13616[0]:
| SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9
| has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c
| when called from SDL_SoftBlit in video/SDL_blit.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-13616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
[1] https://bugzilla.libsdl.org/show_bug.cgi?id=4538
[2] https://hg.libsdl.org/SDL_image/rev/ba45f00879ba
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libsdl2-image
Source-Version: 2.0.5+dfsg1-2
We believe that the bug you reported is fixed in the latest version of
libsdl2-image, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felix Geyer <[email protected]> (supplier of updated libsdl2-image package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 03 Feb 2020 23:02:06 +0100
Source: libsdl2-image
Architecture: source
Version: 2.0.5+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian SDL packages maintainers
<[email protected]>
Changed-By: Felix Geyer <[email protected]>
Closes: 940934
Changes:
libsdl2-image (2.0.5+dfsg1-2) unstable; urgency=medium
.
* Cherry-pick upstream fix for CVE-2019-13616. (Closes: #940934)
Checksums-Sha1:
ac3d560b107da29842c77e2c35839cb3ad60cbf0 2246 libsdl2-image_2.0.5+dfsg1-2.dsc
0120ab28fea71d49c30227efc458319a3054aae5 8048
libsdl2-image_2.0.5+dfsg1-2.debian.tar.xz
Checksums-Sha256:
e699e46a7cad2120da98061811ec0836e3d7165f704708fcb5d101fe7445ff8d 2246
libsdl2-image_2.0.5+dfsg1-2.dsc
ecb4a7cb59ff6526651880bed72d9a0e9f8daf779151b3e718badb998a8eb819 8048
libsdl2-image_2.0.5+dfsg1-2.debian.tar.xz
Files:
59dd76cf7a76cd8583bc93e1fdae5845 2246 libs optional
libsdl2-image_2.0.5+dfsg1-2.dsc
7805d3ab00d4cad7d75093e8729d7885 8048 libs optional
libsdl2-image_2.0.5+dfsg1-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAl44mNgACgkQ/iLG/YMT
XUXVXhAAixKSy2LvP8NTyLObMOjUZdrS2laiPpbQiUTWZySCyWUpnkAIwUm9NmYJ
KS+OpR9mAA8tho6bAYEG4+/3lDiJEeymRVjJw4y3CIkVnzmZNV3eg9wIsIVaTPgT
Iqao9TdcWTKH3LrTsr8vmXYM81PU0XWQBbxawCTA1T847idWctrGZnxGkB31vcdl
Yorg8Xgmihfkevh6WQ+q5rhlRvxY17G8J/NKqkTdnfEJ9bGC8uUB2hs4HTKJ90XN
q9UTtnU5gg6nBUk7Bvpj0nQnD18cnP8u2Ar0gqMGq8lge3qtWkD/96vdBFShBMMi
2onK/mr1fpEdUz/W0pgKZeQcn8sTm94As9rgnIbbjDXy0bpHQ2vuPKN/onozdhz9
HPqGa5R00EnC03NAXYfwxhaDhDr9rNOv5ItoBRevdzCEy1eCNXjaKb5oGNibdkOr
OOIpdt1K7HRVd2yNcgmOtYVLo96E9xZnCiKSh4UH/wwIiBGii1YcsK+nahIGu2qN
PE702hvahhqRSpkoT589+80cfNtVLHzH/64EWzUAm6pkDAn4KLv2OxyqgRNWZ7yu
jeLoZcYKuWpFuGcndaRdpNYcqdVHi1gAKZL6yovBy1hPcxpYSFIW9LOg8oz1TRP5
24GOaZOvuxbNpQ0kPdrpfDD2jhWEtqFAlO4hTXoAMBzBoN4T8Ew=
=9JYI
-----END PGP SIGNATURE-----
--- End Message ---