[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Use HTTPs for hg.libsdl.org links

Felix Geyer fgeyer at debian.org
Mon Mar 5 19:49:38 UTC 2018 

Felix Geyer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
864f3e89 by Felix Geyer at 2018-03-05T20:45:45+01:00
Use HTTPs for hg.libsdl.org links

- - - - -
d073abab by Felix Geyer at 2018-03-05T20:45:46+01:00
Record fixed sdl-image1.2 version for SDL_image issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28885,21 +28885,21 @@ CVE-2017-14451
 CVE-2017-14450 [Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability]
 	RESERVED
 	- libsdl2-image 2.0.3+dfsg1-1
+	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
-	NOTE: http://hg.libsdl.org/SDL_image/rev/45e750f92c84
-	TODO: check sdl-image1.2
+	NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84
 CVE-2017-14449 [Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free Vulnerability]
 	RESERVED
 	- libsdl2-image 2.0.3+dfsg1-1
+	- sdl-image1.2 <not-affected> (Vulnerable code not present)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
-	NOTE: http://hg.libsdl.org/SDL_image/rev/d0142861559c
-	TODO: check sdl-image1.2
+	NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
 CVE-2017-14448 [Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability]
 	RESERVED
 	- libsdl2-image 2.0.3+dfsg1-1
+	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
-	NOTE: http://hg.libsdl.org/SDL_image/rev/7df1580f1695
-	TODO: check sdl-image1.2
+	NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
 CVE-2017-14447
 	RESERVED
 CVE-2017-14446
@@ -28913,21 +28913,21 @@ CVE-2017-14443
 CVE-2017-14442 [Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability]
 	RESERVED
 	- libsdl2-image 2.0.3+dfsg1-1
+	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
-	NOTE: http://hg.libsdl.org/SDL_image/rev/37445f6180a8
-	TODO: check sdl-image1.2
+	NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
 CVE-2017-14441 [Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code Execution Vulnerability]
 	RESERVED
 	- libsdl2-image 2.0.3+dfsg1-1
+	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
-	NOTE: http://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
-	TODO: check sdl-image1.2
+	NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
 CVE-2017-14440 [Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability]
 	RESERVED
 	- libsdl2-image 2.0.3+dfsg1-1
+	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
-	NOTE: http://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c
-	TODO: check sdl-image1.2
+	NOTE: https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c
 CVE-2017-14439
 	RESERVED
 CVE-2017-14438
@@ -35874,10 +35874,10 @@ CVE-2017-12123
 CVE-2017-12122 [Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code Execution Vulnerability]
 	RESERVED
 	- libsdl2-image 2.0.3+dfsg1-1
+	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
-	NOTE: http://hg.libsdl.org/SDL_image/rev/16772bbb1b09
-	NOTE: http://hg.libsdl.org/SDL_image/rev/97f7f01e0665
-	TODO: check sdl-image1.2
+	NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09
+	NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665
 CVE-2017-12121
 	RESERVED
 CVE-2017-12120



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3e315bc54b0eab657f32b97b55e6c5c10adf807e...d073abab34fc4f078d336260da03b45a99de4731

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3e315bc54b0eab657f32b97b55e6c5c10adf807e...d073abab34fc4f078d336260da03b45a99de4731
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180305/b6f6c22a/attachment.html>

More information about the Secure-testing-commits mailing list