Source: libsdl2-image
Version: 2.0.5+dfsg1-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.libsdl.org/show_bug.cgi?id=4538

Hi,

The following vulnerability was published for libsdl2-image.

CVE-2019-13616[0]:
| SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9
| has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c
| when called from SDL_SoftBlit in video/SDL_blit.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13616
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
[1] https://bugzilla.libsdl.org/show_bug.cgi?id=4538
[2] https://hg.libsdl.org/SDL_image/rev/ba45f00879ba

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

