-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Jan 2021 20:03:02 +0100
Source: libsdl2
Binary: libsdl2-2.0-0 libsdl2-dev libsdl2-doc
Architecture: source amd64 all
Version: 2.0.5+dfsg1-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libsdl2-2.0-0 - Simple DirectMedia Layer
 libsdl2-dev - Simple DirectMedia Layer development files
 libsdl2-doc - Reference manual for libsdl2
Changes:
 libsdl2 (2.0.5+dfsg1-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2020-14409 and CVE-2020-14410
     Fix for buffer overflow and integer overflow which might result in a
     DoS or remote code execution by using a crafted .BMP file.
   * CVE-2019-7575
     Fix for a heap-based buffer overflow in MS_ADPCM_decode in
     audio/SDL_wave.c.
   * CVE-2019-7577
     Fix for a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
   * CVE-2019-7578
     If IMA ADPCM format chunk was too short, InitIMA_ADPCM() parsing it
     could read past the end of chunk data.
   * CVE-2019-7635
     Fix for a heap-based buffer over-read in Blit1to4 in
     video/SDL_blit_1.c.
   * CVE-2019-7636
     Fix for a heap-based buffer over-read in SDL_GetRGB in
     video/SDL_pixels.c.
   * CVE-2019-7638
     Fix for a heap-based buffer over-read in Map1toN in
     video/SDL_pixels.c.
   * CVE-2019-13616
     Fix for a heap-based buffer over-read by using a crafted .BMP file.