[Git][security-tracker-team/security-tracker][master] CVE-2019-13616: add commit links, also affects -image
Hugo Lefeuvre
hle at debian.org
Fri Aug 9 13:30:04 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
345adbdf by Hugo Lefeuvre at 2019-08-09T12:28:29Z
CVE-2019-13616: add commit links, also affects -image
Vulnerability also present in IMG_bmp.c from sdl-image.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3380,7 +3380,13 @@ CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-r
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- libsdl2 <unfixed>
- libsdl1.2 <unfixed>
+ - libsdl2-image <unfixed>
+ - sdl-image1.2 <unfixed>
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
+ NOTE: libsdl2: https://hg.libsdl.org/SDL/rev/e7ba650a643a
+ NOTE: libsdl1.2: https://hg.libsdl.org/SDL/rev/ad1bbfbca760
+ NOTE: libsdl2-image: https://hg.libsdl.org/SDL_image/rev/ba45f00879ba
+ NOTE: sdl-image1.2: https://hg.libsdl.org/SDL_image/rev/a59bfe382008
CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media ...)
- libebml 1.3.6-1 (low; bug #932241)
[stretch] - libebml <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/345adbdfc76aa1e45a63e19ce53f3e30bb48eade
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/345adbdfc76aa1e45a63e19ce53f3e30bb48eade
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190809/da67706d/attachment.html>
More information about the debian-security-tracker-commits
mailing list