Bug#1067392: bullseye-pu: package allegro5/2:5.2.6.0-3+deb11u1
Andreas Rönnquist
gusnan at debian.org
Wed Mar 20 21:59:31 GMT 2024
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: allegro5 at packages.debian.org
Control: affects -1 + src:allegro5
User: release.debian.org at packages.debian.org
Usertags: pu
[ Reason ]
Older versions of Allegro5 contain a no-dsa security vulnerability
(CVE-2021-36489, https://security-tracker.debian.org/tracker/CVE-2021-36489 )
fixed in later versions of allegro5, and also still present in allegro4.4
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032670
I would like to fix this in allegro5 in bullseye, patch containing four
commits cherry-picked from upstream attached.
[ Tests ]
Running an example with a provided file crashes allegro with a buffer
overflow, as in https://github.com/liballeg/allegro5/issues/1251
With the fix, the result is an error message and not the crash.
[ Risks ]
The code is applied upstream in a later version (5.2.8.0, already
provided in later versions of Debian).
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Four commits cherry-picked from upstream, providing better checks if the image
provided is invalid.
[ Other info ]
debdiff attached.