Univention Bugzilla – Bug 54010
libsdl1.2: Multiple issues (4.4)
Last modified: 2021-11-03 16:43:48 CET
New Debian libsdl1.2 1.2.15+dfsg1-4+deb9u1 fixes:

This update addresses the following issues:
* Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)
* heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)
* heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)
* Heap based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)
* heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)
* Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)
* heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)
* heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)
* heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)
* heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)
* heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)
* heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libsdl1.2_1.2.15+dfsg1-4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libsdl1.2_1.2.15+dfsg1-4+deb9u1.dsc @@ -1,3 +1,31 @@ +1.2.15+dfsg1-4+deb9u1 [Sat, 30 Oct 2021 23:36:46 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble + in audio/SDL_wave.c. + * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM + in audio/SDL_wave.c. + * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode + in audio/SDL_wave.c. + * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode + in audio/SDL_wave.c. + * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM + in audio/SDL_wave.c. + * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW + in audio/SDL_wave.c. + * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM + in audio/SDL_wave.c. + * CVE-2019-7635: Heap-based buffer over-read in Blit1to4 + in video/SDL_blit_1.c. + * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB + in video/SDL_pixels.c. + * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect + in video/SDL_surface.c. + * CVE-2019-7638: Heap-based buffer over-read in Map1toN + in video/SDL_pixels.c. + * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN + in video/SDL_blit_N.c. + 1.2.15+dfsg1-4 [Thu, 17 Mar 2016 12:15:31 +0000] Manuel A. Fernandez Montecelo <mafm@debian.org>: * Urgency "high" to fix problems with migration of -dbg package. Thanks <http://piuparts.knut.univention.de/4.4-8/#1728167239418013877>
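Review bot: in the added 1.2.15+dfsg1-4+deb9u1 changelog entry, the CVE-2019-13616 line reads "Heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c", while the erratum description in this bug lists the same CVE as a "heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c". The two texts should agree on over-read versus overflow and on the affected code before the erratum is announced, since readers triage on that wording. The CVE-2019-7573 and CVE-2019-7576 lines are also word-for-word identical (over-read in InitMS_ADPCM in audio/SDL_wave.c), so a short qualifier in the erratum text would help distinguish the two fixes.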
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1085>