Summary: | <media-libs/libsdl2-2.0.10: integer overflow in audio/SDL_wave.c | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | games |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.libsdl.org/show_bug.cgi?id=4522 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=692392 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | media-libs/libsdl2-2.0.10 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 692392 |
Description
D'juan McDonald (domhnall)
2019-07-17 16:22:08 UTC
The CVE links to https://bugzilla.libsdl.org/show_bug.cgi?id=4522 but the main issue is at https://bugzilla.libsdl.org/show_bug.cgi?id=3894. The patches are quite heavy and there's talk of a 2.0.10 release so I'll sit tight for the moment.

commit 1ab804d7dfd299720ab731ce28d75c0e647b34b0
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Fri Jul 26 13:34:10 2019

    media-libs/libsdl2: Bump to version 2.0.10

    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

@arches, please stabilize.

arm64 stable

x86 stable

amd64 stable

This issue was resolved and addressed in GLSA 201909-07 at https://security.gentoo.org/glsa/201909-07 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architectures.

ia64/ppc/ppc64 stable

arm stable

alpha stable

all arches done

(In reply to Matt Turner from comment #11)
> alpha stable

I don't see that.

$ eshowkw libsdl2
Keywords for media-libs/libsdl2:
          |                               | u     |
          | a a   a     p           s r   | n     |
          | l m   r i   p   h m s   p i m | e u s | r
          | p d a m a p c x p 6 3   a s i | a s l | e
          | h 6 r 6 6 p 6 8 p 8 9 s r c p | p e o | p
          | a 4 m 4 4 c 4 6 a k 0 h c v s | i d t | o
----------+-------------------------------+-------+-------
2.0.9     | + + + + + + + + ~ o o o + o o | 6 o 0 | gentoo
[I]2.0.10 | ~ + + + + + + + ~ o o o ~ o o | 7 o   | gentoo

(This also fixes CVE-2019-13616).

(In reply to Andreas Sturmlechner from comment #12)
> (In reply to Matt Turner from comment #11)
> > alpha stable
>
> I don't see that.
>
> $ eshowkw libsdl2
> Keywords for media-libs/libsdl2:
>           |                               | u     |
>           | a a   a     p           s r   | n     |
>           | l m   r i   p   h m s   p i m | e u s | r
>           | p d a m a p c x p 6 3   a s i | a s l | e
>           | h 6 r 6 6 p 6 8 p 8 9 s r c p | p e o | p
>           | a 4 m 4 4 c 4 6 a k 0 h c v s | i d t | o
> ----------+-------------------------------+-------+-------
> 2.0.9     | + + + + + + + + ~ o o o + o o | 6 o 0 | gentoo
> [I]2.0.10 | ~ + + + + + + + ~ o o o ~ o o | 7 o   | gentoo

alpha fine now

@sparc, can we have 2.0.10 stabilised?

CC'ing sparc.

commit 6dc3294df3f025de37127eb400cf4289c403f609
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Fri Mar 27 08:49:53 2020 +0100

    media-libs/libsdl2: stable 2.0.10 for sparc, bug #690064

@maintainer(s), please cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1124f943b9eea126703d0c1df75df502e104232c

commit 1124f943b9eea126703d0c1df75df502e104232c
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2020-04-02 22:39:54 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-04-02 22:39:54 +0000

    media-libs/libsdl2: Drop old and vulnerable 2.0.9

    Bug: https://bugs.gentoo.org/690064
    Package-Manager: Portage-2.3.96, Repoman-2.3.20
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 media-libs/libsdl2/Manifest | 1 -
 .../libsdl2/files/libsdl2-2.0.6-static-libs.patch | 44 -----
 media-libs/libsdl2/libsdl2-2.0.9.ebuild | 189 ---------------------
 3 files changed, 234 deletions(-)

Thanks for cleaning up quickly.

GLSA done, tree clean => closing.