Source: sdl-image1.2 Version: 1.2.12-10 Severity: important Tags: security upstream
Hi, the following security issues[0] were published for sdl-image1.2: * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c. * CVE-2019-5051: heap-based buffer overflow in IMG_pcx.c. * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c). * CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c). Fixing these issues: Patches are quite straightforward and I believe that some of these issues are worth fixing (reporter claims that they are "exploitable"). I have prepared and uploaded a jessie LTS update addressing most of these issues (all of them apart from CVE-2019-5051) via targeted fixes. If the security team agrees, I will provide targeted fixes for buster and stretch. For testing, I suggest to package the latest upstream release. If needed, I can provide an update with targeted fixes. regards, Hugo [0] https://security-tracker.debian.org/tracker/source-package/sdl-image1.2 -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
