Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Control: tags -1 + confirmed On Thu, 2019-08-08 at 21:33 +0200, Hugo Lefeuvre wrote: > Hi Salvatore, > > > > Done! You can find an updated debdiff for buster in attachement. > > > The new > > > debdiff ships CVE-2019-5058.patch which addresses the remaining > > > issue in > > > IMG_xcf.c. > > >

Processed: Re: Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Processing control commands: > tags -1 + confirmed Bug #933147 [release.debian.org] buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1 Added tag(s) confirmed. -- 933147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933147 Debian Bug Tracking System Contact ow...@bugs.debian.org with prob

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Hi Salvatore, > > Done! You can find an updated debdiff for buster in attachement. The new > > debdiff ships CVE-2019-5058.patch which addresses the remaining issue in > > IMG_xcf.c. > > Is the attachment missing? Right, attachment is missing! Better now :) regards, Hugo -- Hu

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Hi Hugo, On Thu, Aug 08, 2019 at 03:21:31PM +0200, Hugo Lefeuvre wrote: > Hi, > > > > Buster received [0] per 2.0.4+dfsg1-1, but not [1]. Even if I was aware > > > that the initial patch was broken (see stretch patch descriptions), I > > > failed to handle this properly in the buster version. > >

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Hi, > > Buster received [0] per 2.0.4+dfsg1-1, but not [1]. Even if I was aware > > that the initial patch was broken (see stretch patch descriptions), I > > failed to handle this properly in the buster version. > > > > As far as I remember, I did not upload this diff yet. I'll just provide an >

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Hi Hugo, On Mon, Aug 05, 2019 at 08:28:00AM +0200, Hugo Lefeuvre wrote: > Hi Salvatore, > > > Maybe I'm missing something but but please double check. Can it be > > that the stretch-pu upload contains the fix > > https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 for TALOS-2019-0842 > > but the bus

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Hi Salvatore, > Maybe I'm missing something but but please double check. Can it be > that the stretch-pu upload contains the fix > https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 for TALOS-2019-0842 > but the buster-pu one missed it? (Note this has a new CVE assigned > CVE-2019-5058, the change a

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Hi Hugo, Maybe I'm missing something but but please double check. Can it be that the stretch-pu upload contains the fix https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 for TALOS-2019-0842 but the buster-pu one missed it? (Note this has a new CVE assigned CVE-2019-5058, the change afaics is includ

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, libsdl2-image is currently affected by the following security issues: * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c. * CVE-2019-5051: heap-ba