[Git][security-tracker-team/security-tracker][master] CVE-2019-12219: affects libsdl-image, not libsdl

Hugo Lefeuvre hle at debian.org
Tue May 28 16:04:27 BST 2019 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
386c1155 by Hugo Lefeuvre at 2019-05-28T15:01:49Z
CVE-2019-12219: affects libsdl-image, not libsdl

Very similar to CVE-2019-12220 and CVE-2019-12222. The vulnerability
lies in the sdl_image code base.

Those three CVEs are most likely duplicates, but for some reason the
paths are different. It is very unlikely that MITRE will accept to
reject them as duplicates.

See patch proposal and report on upstream bug tracker:
https://bugzilla.libsdl.org/show_bug.cgi?id=4625#c1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -389,14 +389,13 @@ CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
 	[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
 CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
-	- libsdl2 <unfixed>
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
-	[jessie] - libsdl2 <no-dsa> (Minor issue)
-	- libsdl1.2 <unfixed>
-	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
-	[jessie] - libsdl1.2 <no-dsa> (Minor issue)
+	- libsdl2-image <unfixed>
+	[stretch] - libsdl2-image <no-dsa> (Minor issue)
+	[jessie] - libsdl2-image <no-dsa> (Minor issue)
+	- sdl-image1.2 <unfixed>
+	[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
+	[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
-	TODO: check details and correct vulnerability location
 CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
 	- libsdl2-image <unfixed>
 	[jessie] - libsdl2-image <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/386c115501f1ca6b4cd83c0f995ca6a01a869e53

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/386c115501f1ca6b4cd83c0f995ca6a01a869e53
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190528/dfa1d942/attachment.html>

More information about the debian-security-tracker-commits mailing list