Univention Bugzilla – Bug 52728
libsdl2: Multiple issues (4.4)
Last modified: 2021-02-03 15:04:09 CET
New Debian libsdl2 2.0.5+dfsg1-2+deb9u1 fixes: This update addresses the following issues: * Heap based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575) * Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577) * heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578) * heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635) * heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636) * heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638) * heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616) * Integer overflow in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file (CVE-2020-14409) * Heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file (CVE-2020-14410)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libsdl2_2.0.5+dfsg1-2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/libsdl2_2.0.5+dfsg1-2+deb9u1.dsc @@ -1,3 +1,29 @@ +2.0.5+dfsg1-2+deb9u1 [Thu, 28 Jan 2021 20:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2020-14409 and CVE-2020-14410 + Fix for buffer overflow and integer overflow which might result + in a DoS or remote code execution by using a crafted .BMP file. + * CVE-2019-7575 + Fix for a heap-based buffer overflow in MS_ADPCM_decode in + audio/SDL_wave.c. + * CVE-2019-7577 + Fix for a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. + * CVE-2019-7578 + If IMA ADPCM format chunk was too short, InitIMA_ADPCM() parsing it + could read past the end of chunk data. + * CVE-2019-7635 + Fix for a heap-based buffer over-read in Blit1to4 in + video/SDL_blit_1.c. + * CVE-2019-7636 + Fix for a heap-based buffer over-read in SDL_GetRGB in + video/SDL_pixels.c. + * CVE-2019-7638 + Fix for a a heap-based buffer over-read in Map1toN in + video/SDL_pixels.c. + * CVE-2019-13616 + Fix for a heap-based buffer over-read by using a crafted .BMP file. + 2.0.5+dfsg1-2 [Tue, 27 Dec 2016 18:11:10 +0100] Gianfranco Costamagna <locutusofborg@debian.org>: * Team Upload. <http://10.200.17.11/4.4-7/#512363125358187581>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-7] 063c498e0c Bug #52728: libsdl2 2.0.5+dfsg1-2+deb9u1 doc/errata/staging/libsdl2.yaml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x879>