[Git][security-tracker-team/security-tracker][master] 2 commits: several CVEs fixed for libsdl2 in recent upload

Thorsten Alteholz alteholz at debian.org
Sat Jan 30 21:43:29 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0578e1c9 by Thorsten Alteholz at 2021-01-30T22:43:04+01:00
several CVEs fixed for libsdl2 in recent upload

- - - - -
8811a452 by Thorsten Alteholz at 2021-01-30T22:43:18+01:00
Reserve DLA-2536-1 for libsdl2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -111510,7 +111510,6 @@ CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-r
 CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
 	- libsdl2 2.0.10+dfsg1-1
 	[buster] - libsdl2 <no-dsa> (Minor issue)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	[jessie] - libsdl2 <postponed> (can be fixed along with more important patches)
 	- libsdl1.2 1.2.15+dfsg2-5
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
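Review bot: the removed "[stretch] - libsdl2 <no-dsa> (Minor issue)" line under CVE-2019-13616 gets no replacement in this hunk, so data/CVE/list no longer states any stretch status for libsdl2 on this CVE. The fixed version 2.0.5+dfsg1-2+deb9u1 appears only in the new data/DLA/list entry. If the fixed-version line is not generated from that entry, add "[stretch] - libsdl2 2.0.5+dfsg1-2+deb9u1" here. The same applies to the other six removals in this file.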
@@ -130014,7 +130013,6 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
 	[buster] - libsdl2 <no-dsa> (Minor issue)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
 	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
 	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
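Review bot: style point on the last context line of the CVE-2019-7638 entry: "NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf" has no branch label, while the same revision under CVE-2019-7636 is tagged "(SDL-2)" and the line above it here is tagged "(SDL-1.2)". Since this entry is being touched anyway, adding "(SDL-2)" would make it clear which upstream change the stretch libsdl2 fix corresponds to.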
@@ -130039,7 +130037,6 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
 	[buster] - libsdl2 <no-dsa> (Minor issue)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
 	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
 	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
@@ -130050,7 +130047,6 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
 	[buster] - libsdl2 <no-dsa> (Minor issue)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	- sdl-image1.2 1.2.12-11 (bug #932755)
 	[buster] - sdl-image1.2 1.2.12-10+deb10u1
 	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
@@ -130194,7 +130190,6 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
 	[buster] - libsdl2 <no-dsa> (Minor issue)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
 	NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
 	NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
@@ -130205,7 +130200,6 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
 	[buster] - libsdl2 <no-dsa> (Minor issue)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
 	NOTE: https://hg.libsdl.org/SDL/rev/faf9abbcfb5f (SDL-1.2)
 	NOTE: https://hg.libsdl.org/SDL/rev/416136310b88 (SDL-1.2)
@@ -130229,7 +130223,6 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
 	[buster] - libsdl2 <no-dsa> (Minor issue)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
 	NOTE: https://hg.libsdl.org/SDL/rev/a936f9bd3e38 (SDL-1.2)
 	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
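Review bot: missing documentation for CVE-2019-7575: the trailing context note says "SDL2 was probably fixed during a refactoring, no targeted fix available", yet DLA-2536-1 lists this CVE as fixed in libsdl2 2.0.5+dfsg1-2+deb9u1 for stretch. With the stretch triage line removed, nothing in the entry says what was backported to 2.0.5. A NOTE naming the patch or upstream change used for the stretch upload would let others verify the fix.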


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2021] DLA-2536-1 libsdl2 - security update
+	{CVE-2019-7575 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 CVE-2019-13616 CVE-2020-14409 CVE-2020-14410}
+	[stretch] - libsdl2 2.0.5+dfsg1-2+deb9u1
 [30 Jan 2021] DLA-2431-2 libonig - regression update
 	[stretch] - libonig 6.1.3-2+deb9u2
 [27 Jan 2021] DLA-2535-1 ansible - security update
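Review bot: the CVE set on the new DLA-2536-1 entry includes CVE-2020-14409 and CVE-2020-14410, but the data/CVE/list part of this diff only touches the seven 2019 CVEs. Please check the stretch libsdl2 status under those two entries as well: if either still carries a "<no-dsa>" or similar annotation, it will contradict the fixed version 2.0.5+dfsg1-2+deb9u1 recorded here and should be removed in the same way.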


=====================================
data/dla-needed.txt
=====================================
@@ -55,8 +55,6 @@ intel-microcode
 --
 libdatetime-timezone-perl (Emilio)
 --
-libsdl2 (Thorsten Alteholz)
---
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ec22b50b623bfaaa8e557dae735e8c352a82d2ba...8811a45269faf0c383cc0413ca3d257001c8b25d
