Univention Bugzilla – Bug 49076
libsdl1.2: Multiple issues (4.2)
Last modified: 2019-03-27 16:44:52 CET
New Debian libsdl1.2 1.2.15-10+deb8u1 fixes: This update addresses the following issues: * Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572) * heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573) * heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574) * Heap based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575) * heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576) * Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577) * heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578) * heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635) * heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636) * heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637) * heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/libsdl1.2_1.2.15-10.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libsdl1.2_1.2.15-10+deb8u1.dsc @@ -1,3 +1,10 @@ +1.2.15-10+deb8u1 [Wed, 05 Mar 2019 14:59:10 +0530] Abhijith PA <abhijith@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 + CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 + CVE-2019-7637,CVE-2019-7638 + 1.2.15-10 [Mon, 30 Jun 2014 21:18:45 +0200] Felix Geyer <fgeyer@debian.org>: [ Hector Oron ] <http://10.200.17.11/4.2-5/#1284257595337378830>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 83e1df2873 Bug #49076: libsdl1.2 1.2.15-10+deb8u1 doc/errata/staging/libsdl1.2.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) [4.2-5] 15cbbd3e4c Bug #49076: libsdl1.2 1.2.15-10+deb8u1 doc/errata/staging/libsdl1.2.yaml | 42 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)
<http://errata.software-univention.de/ucs/4.2/620.html>