[Git][security-tracker-team/security-tracker][master] dla-needed: update regarding sdl issues

Hugo Lefeuvre hle at debian.org
Tue May 28 15:45:22 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
873bb439 by Hugo Lefeuvre at 2019-05-28T14:45:13Z
dla-needed: update regarding sdl issues

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -55,8 +55,19 @@ libmatio (Adrian Bunk)
   NOTE: 20190526: work is ongoing
 --
 libsdl1.2 (Hugo Lefeuvre)
+  NOTE: see libsdl2 entry.
 --
 libsdl2 (Hugo Lefeuvre)
+  NOTE: recent issues received very few investigation. Some of them have already been
+  NOTE: triaged no-dsa, but I think we should at least process the TODOs to determine
+  NOTE: which product exactly is affected.
+  NOTE: Also, I don't know very much how these functions are called by reverse
+  NOTE: dependencies, but CVE-2019-12221 at least is not a completely a "harmless
+  NOTE: crasher" since I suspect it to allow for unlimited oob write on the heap. Hard
+  NOTE: to exploit, but not impossible I believe.
+--
+libsdl2-image (Hugo Lefeuvre)
+  NOTE: see libsdl2 entry.
 --
 libspring-java (Roberto C. Sánchez)
   NOTE: 20190527: Many <no-dsa> minor issues, some of them fixed in stretch. Most of
@@ -111,6 +122,9 @@ ruby-omniauth (Abhijith PA)
   NOTE: CVE-2015-9284: known vulnerabilities. However the issue is rather old and the impact
   NOTE: CVE-2015-9284: may be rather large. When fixing this needs to be further investigated.
 --
+sdl-image1.2 (Hugo Lefeuvre)
+  NOTE: see libsdl2 entry.
+--
 simplesamlphp
 --
 sysdig (Hugo Lefeuvre)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/873bb439c80876708571b0c61d765cb78786d5ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/873bb439c80876708571b0c61d765cb78786d5ea
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190528/2cacb90d/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list