(Forwarding for completeness)
- Original message -
From: Moritz Mühlenhoff
To: Chris Lamb
Cc: "Manuel A. Fernandez Montecelo" ,
t...@security.debian.org
Subject: Re: Bug#912617: libsdl2-image: CVE-2018-3977: do_layer_surface code
execution vulnerability
Date: Wed, 7 Nov 201
Chris Lamb wrote:
> * Uploaded libsdl2-image 2.0.3+dfsg1-3 to fix #912617 in sid.
>
> * Uploaded sdl-image1.2 1.2.12-10 to sid to fix #912618 in sid.
>
> I will address jessie in the next day or so, although I think I
> would prefer to attack stable first.
Security team, can I gently ping
Hi Manuel,
> > Sure. From this I will go ahead and upload to sid. I've requested
> > access to the Salsa group so I can push my changes.
>
> I was planning to gbp-import-dsc, but if you prefer I'll grant you access,
> sure.
This should save you some effort at least. So, I've:
* Uploaded
Hi,
Em dom, 4 de nov de 2018 às 17:28, Chris Lamb escreveu:
>
> > I suppose that it's better that you go ahead unless they reply
> > between now and you reading this e-mail.
>
> Sure. From this I will go ahead and upload to sid. I've requested
> access to the Salsa group so I can push my
Hi Manuel,
> I suppose that it's better that you go ahead unless they reply
> between now and you reading this e-mail.
Sure. From this I will go ahead and upload to sid. I've requested
access to the Salsa group so I can push my changes.
(I still await the Security Team on stable.)
Regards,
Hi Chris,
Em dom, 4 de nov de 2018 às 15:48, Chris Lamb escreveu:
>
> Hi SDL maintainers & security team,
>
> > libsdl2-image: CVE-2018-3977: do_layer_surface code execution
> > vulnerability
>
> The attached patches apply cleanly to jessie, stretch and sid
> respectfully. (Looks like they
Source: libsdl2-image
Version: 2.0.3+dfsg1-2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Control: found -1 2.0.1+dfsg-1
Control: found -1 2.0.1+dfsg-2+deb9u1
Control: clone -1 -2
Control: retitle -2 sdl-image1.2: CVE-2018-3977: do_layer_surface code
execution
7 matches
Mail list logo