[Git][security-tracker-team/security-tracker][master] Add initial tracking of some new SDL issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92b2bf8d by Salvatore Bonaccorso at 2019-05-20T21:18:08Z
Add initial tracking of some new SDL issues

Please make sure first that the tracking is correct, the bug reports are
at the stage of just beeing dropped in in upstream's bugzilla and
neither yet acknowledged by upstream.

The source package name tracking might not be 100% correct a this stage
and might need to be adjusted when details become clear.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,19 +31,40 @@ CVE-2019-12224
 CVE-2019-12223
 	RESERVED
 CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	TODO: check
+	- libsdl2 <unfixed>
+	- libsdl1.2 <unfixed>
+	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
+	TODO: check details and correct vulnerability location
 CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	TODO: check
+	- libsdl2 <unfixed>
+	- libsdl1.2 <unfixed>
+	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
+	TODO: check details and correct vulnerability location
 CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	TODO: check
+	- libsdl2 <unfixed>
+	- libsdl1.2 <unfixed>
+	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
+	TODO: check details and correct vulnerability location
 CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	TODO: check
+	- libsdl2 <unfixed>
+	- libsdl1.2 <unfixed>
+	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
+	TODO: check details and correct vulnerability location
 CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	TODO: check
+	- libsdl2-image <unfixed>
+	- sdl-image1.2 <unfixed>
+	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
+	TODO: check details and correct vulnerability location
 CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	TODO: check
+	- libsdl2 <unfixed>
+	- libsdl1.2 <unfixed>
+	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
+	TODO: check details and correct vulnerability location
 CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	TODO: check
+	- libsdl2-image <unfixed>
+	- sdl-image1.2 <unfixed>
+	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4619
+	TODO: check details and correct vulnerability location
 CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was discovered in  ...)
 	- matomo <itp> (bug #448532)
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92b2bf8d6e2d194cc3e39a45c9c27d38378c5d03

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92b2bf8d6e2d194cc3e39a45c9c27d38378c5d03
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190520/30e7d867/attachment.html>