Bug#932754: libsdl2-image security issues in testing
Hugo Lefeuvre
hle at debian.org
Mon Jul 22 22:49:15 BST 2019
Hi Felix,
(CC-ing #932754 which tracks this issue)
> > I have prepared a jessie (LTS) update addressing libsdl2-image's current
> > security issues. I will coordinate with the security team to possibly fix
> > them in a future stretch/buster point update.
> >
> > Are you planning to address these issues in testing? Packaging upstream's
> > latest 2.0.5 release should be sufficient, but they can also be addressed
> > with more targeted fixes.
> >
> > I can provide some help if needed.
>
> Thanks for your work!
>
> I'm preparing a 2.0.5 upload right now.
Great, thanks!
> As far as I can tell all CVEs in the tracker are fixed with 2.0.5.
> Do you agree?
Exactly.
By the way, I had a second look and it appears that CVE-2019-5051 was also
fixed by the jessie LTS upload. CVE-2019-5051 is also a member of the
CVE-2019-12221 family, and is therefore fixed by [0].
cheers,
Hugo
[0] https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C