Format: 1.8
Date: Mon, 01 Aug 2022 11:51:13 +0100
Source: libsdl1.2
Architecture: source
Version: 1.2.15+dfsg2-8
Distribution: unstable
Urgency: medium
Maintainer: Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 1016352
Changes:
 libsdl1.2 (1.2.15+dfsg2-8) unstable; urgency=medium
 .
   * Team upload
   * d/p/SDL_x11yuv.c-fix-possible-use-after-free.patch:
     Add patch from upstream to fix a use-after-free (CVE-2022-34568)
     (Closes: #1016352)
   * d/p/SDL_bmp.c-reject-bmp-files-with-zero-bpp.patch:
     Add patch from upstream to reject .bmp files claiming to be 0 bits
     per pixel. This does not have a CVE ID, but seems like the sort of
     thing that could cause denial of service via a crash or infinite loop.
   * d/patches: Improve patch metadata by syncing with upstream commits.
     In particular, various patches for audio- and image-related buffer
     overflows are now correctly attributed to Petr Písař of Red Hat.
     Some were split into commits differently upstream, so the patch
     filenames do not correspond 1:1.
     No functional changes, other than some ppc64le-specific code now
     being correctly #ifdef'd out on other architectures.
   * d/patches: Sort patch series with non-upstream patches last