Hi Felix, (CC-ing #932754 which tracks this issue)
> > I have prepared a jessie (LTS) update addressing libsdl2-image's current
> > security issues. I will coordinate with the security team to possibly fix
> > them in a future stretch/buster point update.
> >
> > Are you planning to address these issues in testing? Packaging upstream's
> > latest 2.0.5 release should be sufficient, but they can also be addressed
> > with more targeted fixes.
> >
> > I can provide some help if needed.
>
> Thanks for your work!
>
> I'm preparing a 2.0.5 upload right now.

Great, thanks!

> As far as I can tell all CVEs in the tracker are fixed with 2.0.5.
> Do you agree?

Exactly.

By the way, I had a second look and it appears that CVE-2019-5051 was also
fixed by the jessie LTS upload. CVE-2019-5051 is also a member of the
CVE-2019-12221 family, and is therefore fixed by [0].

cheers,
Hugo

[0] https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34

-- 
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C