[Git][security-tracker-team/security-tracker][master] 3 commits: Reserve DLA-2803-1 for libsdl2

Adrian Bunk (@bunk) bunk at debian.org
Sun Oct 31 09:01:12 GMT 2021



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6ac365b by Adrian Bunk at 2021-10-31T10:59:23+02:00
Reserve DLA-2803-1 for libsdl2

- - - - -
9655c96b by Adrian Bunk at 2021-10-31T11:00:01+02:00
dla: take libssh2

- - - - -
9bce96f6 by Adrian Bunk at 2021-10-31T11:00:28+02:00
dla: take libmspack

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -175281,7 +175281,6 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.6+dfsg1-4 (bug #924610)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
 	NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f (SDL-1.2)
 	NOTE: https://hg.libsdl.org/SDL/rev/32075e9e2135 (SDL-1.2)
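Review bot: in the CVE-2019-7637 block the `[stretch] - libsdl1.2 <no-dsa> (Minor issue)` line stays while the matching libsdl2 line is dropped, so the same issue is now triaged two ways for stretch. libsdl1.2 is still claimed in data/dla-needed.txt, so this is probably temporary, but that no-dsa entry should be revisited when the libsdl1.2 update is released so the two packages do not stay inconsistent.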
@@ -295198,7 +295197,6 @@ CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API
 CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...)
 	{DLA-1714-2}
 	- libsdl2 2.0.6+dfsg1-4 (bug #878264)
-	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	[jessie] - libsdl2 <no-dsa> (Minor issue)
 	- libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
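Review bot: the `{DLA-1714-2}` tag line under CVE-2017-2888 is left unchanged, although data/DLA/list now lists this CVE under DLA-2803-1. If the cross-reference is not regenerated automatically from data/DLA/list, the tag should become `{DLA-1714-2 DLA-2803-1}`, since with the `[stretch]` line removed nothing in this block points to the stretch fix.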


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Oct 2021] DLA-2803-1 libsdl2 - security update
+	{CVE-2017-2888 CVE-2019-7637}
+	[stretch] - libsdl2 2.0.5+dfsg1-2+deb9u2
 [30 Oct 2021] DLA-2802-1 elfutils - security update
 	{CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665}
 	[stretch] - elfutils 0.168-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -58,7 +58,9 @@ libgit2 (Utkarsh)
 --
 libsdl1.2 (Adrian Bunk)
 --
-libsdl2 (Adrian Bunk)
+libmspack (Adrian Bunk)
+--
+libssh2 (Adrian Bunk)
 --
 linux (Ben Hutchings)
 --
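Review bot: `libmspack (Adrian Bunk)` is inserted after `libsdl1.2`, which breaks the alphabetical order the visible entries follow (libgit2, libsdl1.2, linux); it belongs before `libsdl1.2`. Both new entries are also added and claimed in one step with no NOTE line, so a reader of data/dla-needed.txt cannot tell which open issues prompted the libmspack and libssh2 updates.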



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82a20e6521f72ce712fb61742fd071ba5bcd01ee...9bce96f6456b9b1773b6b7076617bec6a4a85889
