Summary: | <media-libs/libsdl2-2.0.20 <media-libs/libsdl-1.2.15_p20221201: heap overflow via malicious bmp file | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | games, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 | ||
See Also: | https://github.com/libsdl-org/SDL/issues/5042 https://bugs.gentoo.org/show_bug.cgi?id=861809 | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 836664, 836667, 886195 | ||
Bug Blocks: |
Description
John Helmert III
2022-04-02 21:53:35 UTC
Please cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cef47e4e9a0a9bef8a22dbfb6bb9a2778aedd5b9

commit cef47e4e9a0a9bef8a22dbfb6bb9a2778aedd5b9
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2022-04-14 21:31:12 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2022-04-14 21:31:12 +0000

    media-libs/libsdl2: Drop old and vulnerable 2.0.16-r1

    Bug: https://bugs.gentoo.org/836665
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 media-libs/libsdl2/Manifest | 1 -
 media-libs/libsdl2/libsdl2-2.0.16-r1.ebuild | 230 ----------------------------
 2 files changed, 231 deletions(-)

This seems to affect media-libs/libsdl too: https://github.com/libsdl-org/SDL-1.2/commit/d95c1a4bbd644baba748d341b03141e5f0481ae6.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9939f85601cbca6f6cd1ee7f39f4f8c170358595

commit 9939f85601cbca6f6cd1ee7f39f4f8c170358595
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-16 04:35:02 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-16 04:35:02 +0000

    media-libs/libsdl: add 1.2.15_p20221201

    Fixes CVE-2021-33657.

    Bug: https://bugs.gentoo.org/836665
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libsdl/Manifest | 1 +
 media-libs/libsdl/libsdl-1.2.15_p20221201.ebuild | 166 +++++++++++++++++++++++
 2 files changed, 167 insertions(+)

GLSA request filed (for libsdl only)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1df848183ceabb2deaed160a1e0f1606600e81b7

commit 1df848183ceabb2deaed160a1e0f1606600e81b7
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:04:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:29 +0000

    [ GLSA 202305-18 ] libsdl2: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/836665
    Bug: https://bugs.gentoo.org/890614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-18.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dc3bc707b0c4671c9ae4a89a5b6777e764f0c3ad

commit dc3bc707b0c4671c9ae4a89a5b6777e764f0c3ad
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:04:10 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:29 +0000

    [ GLSA 202305-17 ] libsdl: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/692388
    Bug: https://bugs.gentoo.org/836665
    Bug: https://bugs.gentoo.org/861809
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-17.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)