UbuntuUpdates.org

Package "libsdl2-dbg"

Name: libsdl2-dbg

Description:

Simple DirectMedia Layer debug files

Latest version: 2.0.4+dfsg1-2ubuntu2.16.04.2
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: libsdl2
Homepage: http://www.libsdl.org/

Links


Download "libsdl2-dbg"


Other versions of "libsdl2-dbg" in Xenial

Repository Area Version
base universe 2.0.4+dfsg1-2ubuntu2
security universe 2.0.4+dfsg1-2ubuntu2.16.04.2

Changelog

Version: 2.0.4+dfsg1-2ubuntu2.16.04.2 2019-09-30 16:06:56 UTC

  libsdl2 (2.0.4+dfsg1-2ubuntu2.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read in Fill_IMA_ADPCM_block
    - debian/patches/CVE-2017-2888.diff: check var size before mallocing pixels
    - debian/patches/CVE-2017-2888_CVE-2019-7637.diff: assert size of int
      before mallocing
    - CVE-2017-2888
    - CVE-2019-7637
  * SECURITY UPDATE: heap-based buffer over-read in Blit1to4
    - debian/patches/CVE-2019-7635.diff: add error checking to SDL_LoadBMP_RW
    - CVE-2019-7635
  * SECURITY UPDATE: heap-based buffer over-read in Map1toN and
     SDL_GetRGB
    - debian/patches/CVE-2019-7636_CVE-2019-7638.patch: add error checking to
      SDL_LoadBMP_RW
    - CVE-2019-7636
    - CVE-2019-7638
  * Package failed to build from source
    - debian/patches/ftbfs.diff: Add wl_proxy_marshal_constructor_versioned sym

 -- Avital Ostromich <email address hidden> Wed, 28 Aug 2019 14:45:27 -0400

Source diff to previous version
CVE-2017-2888 An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer over
CVE-2019-7637 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7635 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7636 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7638 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Version: 2.0.4+dfsg1-2ubuntu2.16.04.1 2019-03-19 19:07:15 UTC

  libsdl2 (2.0.4+dfsg1-2ubuntu2.16.04.1) xenial; urgency=medium

  * Cherry-pick upstream fix for full-screen switching mode
    LP: #1679573

 -- Gianfranco Costamagna <email address hidden> Sat, 11 Nov 2017 10:55:43 +0100

1679573 [SRU]full-screen switching is broken



About   -   Send Feedback to @ubuntu_updates