[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-13626 as not affecting libsdl1.2

Felix Geyer fgeyer at debian.org
Tue Sep 17 21:33:39 BST 2019



Felix Geyer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c00bb2e by Felix Geyer at 2019-09-17T20:33:09Z
Mark CVE-2019-13626 as not affecting libsdl1.2

Support for 24-bit PCM WAVE has been introduced in SDL 2.0.
Additionally the unchecked encoded variable end in IMA_ADPCM_decode() is
already covered by CVE-2019-7574.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8102,11 +8102,9 @@ CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-base
 	[buster] - libsdl2 <no-dsa> (Minor issue)
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	[jessie] - libsdl2 <no-dsa> (Minor issue)
-	- libsdl1.2 <unfixed>
-	[buster] - libsdl1.2 <no-dsa> (Minor issue)
-	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
-	[jessie] - libsdl1.2 <no-dsa> (Minor issue)
+	- libsdl1.2 <not-affected> (Vulnerable code added later)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4522
+	NOTE: 24-bit PCM WAVE introduced in SDL 2.0
 CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or restore ...)
 	- ghidra <itp> (bug #923851)
 CVE-2019-13624 (In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...)
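
Review bot: The added NOTE after the bugzilla link records only the first half of the rationale given in the commit message; the second half, that the unchecked end in IMA_ADPCM_decode() is already covered by CVE-2019-7574, does not appear in the CVE-2019-13626 entry. Suggest a second NOTE along the lines of `NOTE: unchecked end in IMA_ADPCM_decode() covered by CVE-2019-7574`, so that someone reading data/CVE/list without the commit log can see why `<not-affected>` applies to libsdl1.2 and where the remaining issue is tracked.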



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c00bb2e798bacc343d61f67347a4a13cd1291a4
