Bug#912618: Bug#912617: libsdl2-image: CVE-2018-3977: do_layer_surface code execution vulnerability
Manuel A. Fernandez Montecelo
manuel.montezelo at gmail.com
Sun Nov 4 15:24:58 GMT 2018
Em dom, 4 de nov de 2018 às 15:48, Chris Lamb <lamby at debian.org> escreveu:
> Hi SDL maintainers & security team,
> > libsdl2-image: CVE-2018-3977: do_layer_surface code execution
> > vulnerability
> The attached patches apply cleanly to jessie, stretch and sid
> respectfully. (Looks like they reformatted their code later on.)
> I am happy to upload handle jessie, but I can also work on the
> stable/sid releases too if you wish; please let me know.
I am enjoying a kind of a "long weekend" / mini-holidays, could not
work on it so far and will not at least for another 3 or 4 days, and
since the rest of the team did not reply to the original report I
suppose that it's better that you go ahead unless they reply between
now and you reading this e-mail.
Thanks the several people involved in the work, both for the report
and patches and offer to fix!
Manuel A. Fernandez Montecelo <manuel.montezelo at gmail.com>
More information about the Pkg-sdl-maintainers