[Git][security-tracker-team/security-tracker][master] CVE-2018-3977: add follow-up fix

Hugo Lefeuvre hle at debian.org
Sun Jul 21 21:43:33 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf072fbf by Hugo Lefeuvre at 2019-07-21T20:40:47Z
CVE-2018-3977: add follow-up fix

https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8 is obviously broken, ty is
sanitized instead of y which is the actual index variable.

Add follow up fix.

Also, remove no-dsa triage for jessie since this issue will be addressed in
the next upload.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81208,12 +81208,11 @@ CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Wo
 CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...)
 	- libsdl2-image 2.0.3+dfsg1-3 (bug #912617)
 	[stretch] - libsdl2-image <no-dsa> (Minor issue)
-	[jessie] - libsdl2-image <no-dsa> (Minor issue)
 	- sdl-image1.2 1.2.12-10 (bug #912618)
 	[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
-	[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
 	NOTE: https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
+	NOTE: follow-up fix (TALOS-2019-0842): https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
 CVE-2018-3976 (An exploitable out-of-bounds write exists in the CALS Raster file form ...)
 	NOT-FOR-US: Canvas Draw
 CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the RTF- ...)
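Review bot: the fixed-version lines for CVE-2018-3977 ("- libsdl2-image 2.0.3+dfsg1-3" and "- sdl-image1.2 1.2.12-10") are left unchanged, although the commit message describes the first upstream fix 170d7d32e4a8 as broken. If those uploads carry only that first patch, they should not be recorded as fixed; please confirm whether they include b1a80aec2b10 and, if not, adjust the versions in the same change. The same question applies to the two remaining "[stretch] ... <no-dsa> (Minor issue)" lines, which keep their triage while the jessie ones are dropped. It would also help to mark the existing 170d7d32e4a8 NOTE as incomplete, so that nobody backports it without the follow-up.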



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf072fbfe0f0650838671c70f61010ec97e86a9f
