Univention Bugzilla – Bug 45620
sdl-image1.2: Multiple issues (4.2)
Last modified: 2018-05-08 14:56:37 CEST
Upstream Debian package version 1.2.12-2+deb7u1 fixes:
* An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. (CVE-2017-2887)
No patch for Debian-Jessie: [jessie] - libsdl2-image <no-dsa> (Minor issue)
r17991 | Bug #45620: sdl-image1.2
Package: sdl-image1.2
Version: 1.2.12-5A~4.2.0.201801251702
Branch: ucs_4.2-0
Scope: errata4.2-3
4c9b6dedfa Bug #45620: sdl-image1.2
--- mirror/ftp/4.2/unmaintained/4.2-0/source/sdl-image1.2_1.2.12-5.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/sdl-image1.2_1.2.12-5A~4.2.0.201801251702.dsc @@ -1,3 +1,8 @@ +1.2.12-5A~4.2.0.201801251702 [Thu, 25 Jan 2018 17:02:51 +0100] Univention builddaemon <buildd@univention.de>: + + * UCS auto build. The following patches have been applied to the original source package + 10_CVE-2017-2887 + 1.2.12-5 [Sun, 01 Sep 2013 13:03:02 +0200] Felix Geyer <fgeyer@debian.org>: * Really regenerate autoconf files. The upstream autogen.sh doesn't
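Review bot: The changelog entry records only the single quilt patch 10_CVE-2017-2887, although the bug title reports "Multiple issues" for sdl-image1.2; the entry should state which of the reported CVEs this build does not address, or the remaining backports should be included, so the errata advisory derived from it does not overstate coverage.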
[4.2-3] 4bb8f0e8a9 Bug #45620: sdl-image1.2 1.2.12-5+deb8u1
 doc/errata/staging/sdl-image1.2.yaml | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
--- mirror/ftp/4.2/unmaintained/4.2-0/source/sdl-image1.2_1.2.12-5.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/sdl-image1.2_1.2.12-5+deb8u1.dsc @@ -1,3 +1,17 @@ +1.2.12-5+deb8u1 [Sun, 15 Apr 2018 17:54:58 +0200] Felix Geyer <fgeyer@debian.org>: + + * Backport various security fixes: + - CVE-2017-2887 + - CVE-2017-12122 + - CVE-2017-14440 + - CVE-2017-14441 + - CVE-2017-14442 + - CVE-2017-14448 + - CVE-2017-14450 + - CVE-2018-3837 + - CVE-2018-3838 + - CVE-2018-3839 + 1.2.12-5 [Sun, 01 Sep 2013 13:03:02 +0200] Felix Geyer <fgeyer@debian.org>: * Really regenerate autoconf files. The upstream autogen.sh doesn't
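Review bot: The "Backport various security fixes" entry lists ten CVEs but names no patch files, so the changelog alone does not show that the earlier 10_CVE-2017-2887 quilt patch from the errata4.2-3 build is superseded rather than applied twice; referencing the backported patch names per CVE would make the relationship to the previous build verifiable.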
* No UCS specific patches
* r17991 - 4.2-0-0-ucs/1.2.12-5-errata4.2-3/10_CVE-2017-2887.quilt obsoleted by import of upstream version 1.2.12-5+deb8u1
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory adjusted: 09946d18cd | Sort CVEs
<http://errata.software-univention.de/ucs/4.2/399.html>