Summary: | <media-libs/libsdl-1.2.15_p20210224: multiple vulnerabilities (CVE-2019-{7572,7573,7574,7575,7576,7577,7578,7635,7636,7638,13616}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak, games, sam |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/19733 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
=media-libs/libsdl-1.2.15_p20210224
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 692386 |
Description
GLSAMaker/CVETool Bot
2019-08-17 22:37:35 UTC
CVE-2019-7637 (https://nvd.nist.gov/vuln/detail/CVE-2019-7637): SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. Tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/libsdl2?id=1124f943b9eea126703d0c1df75df502e104232c (In reply to Sam James (sec padawan) from comment #2) > Tree is clean: > > https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/ > libsdl2?id=1124f943b9eea126703d0c1df75df502e104232c Oops, no it's not. (In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2019-7572 (https://nvd.nist.gov/vuln/detail/CVE-2019-7572): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4495 Patches: https://hg.libsdl.org/SDL/rev/e52413f52586 https://hg.libsdl.org/SDL/rev/a8afedbcaea0 > CVE-2019-7573 (https://nvd.nist.gov/vuln/detail/CVE-2019-7573): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the > wNumCoef loop). Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4491 Patches: https://hg.libsdl.org/SDL/rev/388987dff7bf https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 https://hg.libsdl.org/SDL/rev/fcbecae42795 > CVE-2019-7574 (https://nvd.nist.gov/vuln/detail/CVE-2019-7574): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4496 Patch: https://hg.libsdl.org/SDL/rev/a6e3d2f5183e > CVE-2019-7575 (https://nvd.nist.gov/vuln/detail/CVE-2019-7575): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4493 Patch: https://hg.libsdl.org/SDL/rev/a936f9bd3e38 > CVE-2019-7576 (https://nvd.nist.gov/vuln/detail/CVE-2019-7576): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside > the > wNumCoef loop). Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4490 Closed as a duplicate of CVE-2019-7573. > CVE-2019-7577 (https://nvd.nist.gov/vuln/detail/CVE-2019-7577): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4492 Patches: https://hg.libsdl.org/SDL/rev/faf9abbcfb5f https://hg.libsdl.org/SDL/rev/416136310b88 > CVE-2019-7578 (https://nvd.nist.gov/vuln/detail/CVE-2019-7578): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4494 Patches: Same as CVE-2019-7573 > CVE-2019-7635 (https://nvd.nist.gov/vuln/detail/CVE-2019-7635): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4498 Patches: https://hg.libsdl.org/SDL/rev/08f3b4992538 https://hg.libsdl.org/SDL/rev/4646533663ae > CVE-2019-7636 (https://nvd.nist.gov/vuln/detail/CVE-2019-7636): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4499 Patches: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 https://hg.libsdl.org/SDL/rev/07c39cbbeacf > CVE-2019-7638 (https://nvd.nist.gov/vuln/detail/CVE-2019-7638): > SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a > heap-based buffer over-read in Map1toN in video/SDL_pixels.c. Issue: https://bugzilla.libsdl.org/show_bug.cgi?id=4500 Patches: Same as CVE-2019-7636 CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Upstream issue: https://github.com/libsdl-org/SDL-1.2/issues/790 Patch: https://github.com/libsdl-org/SDL-1.2/commit/31a87d75f15c7acd9470fab9ceb129c0a255871f The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a336de7c0ccd1263d27555be703dcfdfaa3d568 commit 8a336de7c0ccd1263d27555be703dcfdfaa3d568 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2021-03-03 17:32:46 +0000 Commit: James Le Cuirot <chewi@gentoo.org> CommitDate: 2021-03-06 08:52:11 +0000 media-libs/libsdl: multiple CVEs v1.2.15_p20210224 Bug: https://bugs.gentoo.org/772194 Bug: https://bugs.gentoo.org/692388 EAPI 7 Bug: https://bugs.gentoo.org/774024 Dropping older patches included in snapshot Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/19733 Signed-off-by: James Le Cuirot <chewi@gentoo.org> media-libs/libsdl/Manifest | 1 + .../libsdl/files/libsdl-1.2.15-sdl-config.patch | 4 +- media-libs/libsdl/libsdl-1.2.15_p20210224.ebuild | 139 +++++++++++++++++++++ 3 files changed, 142 insertions(+), 2 deletions(-) I guess it's ready, but let's be slow to clean up in case of regressions. x86 done amd64 done arm done ppc done ppc64 done sparc stable arm64 done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74e12610ae4c66545f127e400e0a08bd7bc5a0d0 commit 74e12610ae4c66545f127e400e0a08bd7bc5a0d0 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2021-07-25 00:43:10 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-07-25 01:35:09 +0000 media-libs/libsdl: drop vulnerable 1.2.15-r9 Bug: https://bugs.gentoo.org/692388 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> media-libs/libsdl/Manifest | 1 - .../files/libsdl-1.2.15-SDL_EnableUNICODE.patch | 47 ------- .../libsdl/files/libsdl-1.2.15-bsd-joystick.patch | 28 ----- media-libs/libsdl/files/libsdl-1.2.15-caca.patch | 26 ---- .../libsdl/files/libsdl-1.2.15-const-xdata32.patch | 58 --------- .../libsdl/files/libsdl-1.2.15-joystick.patch | 13 -- .../libsdl/files/libsdl-1.2.15-resizing.patch | 60 --------- media-libs/libsdl/libsdl-1.2.15-r9.ebuild | 135 --------------------- 8 files changed, 368 deletions(-) Not blocking EAPI=5 removal anymore GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=dc3bc707b0c4671c9ae4a89a5b6777e764f0c3ad commit dc3bc707b0c4671c9ae4a89a5b6777e764f0c3ad Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 10:04:10 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 10:05:29 +0000 [ GLSA 202305-17 ] libsdl: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/692388 Bug: https://bugs.gentoo.org/836665 Bug: https://bugs.gentoo.org/861809 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-17.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) |