-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 10 Oct 2019 15:41:03 +0200 Source: libsdl2 Binary: libsdl2-2.0-0 libsdl2-dev libsdl2-dbg Architecture: source amd64 Version: 2.0.2+dfsg1-6+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org> Changed-By: Hugo Lefeuvre <hle@debian.org> Description: libsdl2-2.0-0 - Simple DirectMedia Layer libsdl2-dbg - Simple DirectMedia Layer debug files libsdl2-dev - Simple DirectMedia Layer development files Closes: 878264 Changes: libsdl2 (2.0.2+dfsg1-6+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Last update introduced several patches originally intended for libsdl1.2, not libsdl2, leading to a variety of regressions as reported by Avital Ostromich. - Remove CVE-2019-7637.patch: this patch was never meant for libsdl2. Replace it by CVE-2017-2888.patch, which addresses both CVE-2017-2888 and CVE-2019-7637 (Closes: #878264). - Remove CVE-2019-7635_CVE-2019-7636_CVE-2019-7638.patch: this patch combines several patches which were also meant for libsdl1.2. Replace it by CVE-2019-7635.patch and CVE-2019-76_36-38.patch. Checksums-Sha1: 8c45ae3cb6615cd0ea586d7df447cdb09812f345 2496 libsdl2_2.0.2+dfsg1-6+deb8u2.dsc f67492997e18dc4db77728a90290d0db0056e429 1417848 libsdl2_2.0.2+dfsg1.orig.tar.xz 48e6ef4e6195fe9d1142c068853c1a5bb579158e 19116 libsdl2_2.0.2+dfsg1-6+deb8u2.debian.tar.xz 7585e7a8c81ea648229e3d56939469c9f72736dc 323220 libsdl2-2.0-0_2.0.2+dfsg1-6+deb8u2_amd64.deb e2bb80f1bb0eb1547941fb8a4a6579ab098bea1a 1116616 libsdl2-dev_2.0.2+dfsg1-6+deb8u2_amd64.deb f0a0812d761263d8b26d1a889546445f4d26088e 1269424 libsdl2-dbg_2.0.2+dfsg1-6+deb8u2_amd64.deb Checksums-Sha256: 7d587b955c1da1d6c1be7b43e17f2d5735635db2b0c4767516285217ed3871ea 2496 libsdl2_2.0.2+dfsg1-6+deb8u2.dsc 99205b37b7871fd8abb588ba5855b2aecd04185018894e0d9b7a6664df295d9d 1417848 libsdl2_2.0.2+dfsg1.orig.tar.xz b16bd6255c3e3809f31dcbab1da24c07bfb6785569058490866796eb022dac42 19116 libsdl2_2.0.2+dfsg1-6+deb8u2.debian.tar.xz 11fc9fb2bcf9ee93c84850f8548a1fa8abf4710973c70683cb5855ef2261e70f 323220 libsdl2-2.0-0_2.0.2+dfsg1-6+deb8u2_amd64.deb c97e47906f7c828679f90452d0b8311f047df5a8b3d7eb9ba454fd4489ed88b6 1116616 libsdl2-dev_2.0.2+dfsg1-6+deb8u2_amd64.deb fd42bd467abf6c9623f9176147c00b1101245ddcdb3c81e391d59c5c86c0c57d 1269424 libsdl2-dbg_2.0.2+dfsg1-6+deb8u2_amd64.deb Files: 459f7530ed54b5007193ea1d04cd4415 2496 libs optional libsdl2_2.0.2+dfsg1-6+deb8u2.dsc 43fa75fc9920d5a3da3a383f46eccac4 1417848 libs optional libsdl2_2.0.2+dfsg1.orig.tar.xz cc84eeb49ac16c7df528c452d6d9ed0d 19116 libs optional libsdl2_2.0.2+dfsg1-6+deb8u2.debian.tar.xz 25e23216cd9970300039a7351b80c243 323220 libs optional libsdl2-2.0-0_2.0.2+dfsg1-6+deb8u2_amd64.deb ce9b38455cae641ee57dd3cab75a66d7 1116616 libdevel optional libsdl2-dev_2.0.2+dfsg1-6+deb8u2_amd64.deb 0115c44a44722cb155cb57765ae08a63 1269424 debug extra libsdl2-dbg_2.0.2+dfsg1-6+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl2nIdkACgkQEeMFjl5E GkKRRAv/QcxP80Rshcxwid4f1aT2n6c9S/m5ZqhXBUkcLWXaww2vEK1DAfR9uq8B uC7QUMh4bZqs8giesv3hNzVarxfMHS/vmKh7Oq6Ch4VBdwK53CNrl5zB+BmRSqjH AazYrgR6Qr7QEfRMAc5jK05JO2V+86yQAW6R9bVoiF8UT0VNT6Zqgr2J9zxuMZYh iC1I2D9eP7waaAGNWtRdMXElGSHRPloO8sRyxluLw902adR9cXB+IWlYmLUTkiEv cV0MtkzKJCkIoJqOUHxIbwLWxYKQ65Ty30RdNuwx7hKSJdgAkM02ES2yt6P+KQ2p xk/uRa1ENnazNTEXogzV2Sj7FV3D/lCt4/AURC0ML9YzE8uzH0anXOmUSvUjIpnq sycySDkVFFx3a/xjefeDhMlCE/+kNo8G7zuQ1fSbZWAsJri87V7lUyGL94NPgRG1 yoBlCdTW1o/k+Zu1zZnNICHcUob4WAk8mrbxxC1hKpZeEwYOMUkzuEwR/7b4oKog py3cKSe7 =wgW5 -----END PGP SIGNATURE-----