Debian Package Tracker

general

source: libsdl1.2 (main)
version: 1.2.15+dfsg2-4
maintainer: Debian SDL packages maintainers (archive) (DMD)
uploaders: Felix Geyer [DMD] – Manuel A. Fernandez Montecelo [DMD]
arch: any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2.15-10
o-o-sec: 1.2.15-10+deb8u1
oldstable: 1.2.15+dfsg1-4
stable: 1.2.15+dfsg2-4
testing: 1.2.15+dfsg2-4
unstable: 1.2.15+dfsg2-4

versioned links

1.2.15-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.15-10+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.15+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.15+dfsg2-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsdl1.2-dev (3 bugs: 0, 3, 0, 0)
libsdl1.2debian (15 bugs: 0, 12, 3, 0)

action needed

13 security issues in bullseye high

There are 13 open security issues in bullseye.

13 important issues:

CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

Please fix them.

Created: 2019-07-07 Last update: 2019-08-18 15:04

13 security issues in sid high

There are 13 open security issues in sid.

13 important issues:

CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

Please fix them.

Created: 2019-02-07 Last update: 2019-08-18 15:04

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-08-24 11:05

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.2.15+dfsg2-5, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit b8a343d1007d08c18c9e25d0833a40a6f6027816
Author: Felix Geyer <fgeyer@debian.org>
Date:   Wed Aug 14 19:02:59 2019 +0200

    Add follow-up fix for CVE-2019-7637

commit 20c0ddf5ff90807547d77eb96483409b4566a2d1
Author: Felix Geyer <fgeyer@debian.org>
Date:   Wed Aug 14 18:43:18 2019 +0200

    Close bug #924609

commit 5d503b1023f57f0076b0b71f0af15d5c57af7f0e
Author: Felix Geyer <fgeyer@debian.org>
Date:   Wed Aug 14 18:40:32 2019 +0200

    Fix CVE-2019-13616

commit 130f2e9675fe167c7e93f49479316f00109925dd
Author: Felix Geyer <fgeyer@debian.org>
Date:   Wed Aug 14 18:38:20 2019 +0200

    Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 CVE-2019-7637, CVE-2019-7638

Created: 2019-08-14 Last update: 2019-08-17 00:22

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

Please fix them.

Created: 2019-07-17 Last update: 2019-08-18 15:04

13 ignored security issues in buster low

There are 13 open security issues in buster.

13 issues skipped by the security teams:

CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

Please fix them.

Created: 2019-02-07 Last update: 2019-08-18 15:04

13 ignored security issues in stretch low

There are 13 open security issues in stretch.

13 issues skipped by the security teams:

CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

Please fix them.

Created: 2019-02-07 Last update: 2019-08-18 15:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2019-07-08 20:08

news

[rss feed]

[2019-03-13] Accepted libsdl1.2 1.2.15-10+deb8u1 (source amd64) into oldstable (Abhijith PA)
[2018-10-30] libsdl1.2 1.2.15+dfsg2-4 MIGRATED to testing (Debian testing watch)
[2018-10-25] libsdl1.2 1.2.15+dfsg2-3 MIGRATED to testing (Debian testing watch)
[2018-10-25] Accepted libsdl1.2 1.2.15+dfsg2-4 (source amd64) into unstable (Manuel A. Fernandez Montecelo)
[2018-10-20] Accepted libsdl1.2 1.2.15+dfsg2-3 (source amd64) into unstable (Manuel A. Fernandez Montecelo)
[2018-09-20] libsdl1.2 1.2.15+dfsg2-2 MIGRATED to testing (Debian testing watch)
[2018-09-14] Accepted libsdl1.2 1.2.15+dfsg2-2 (source) into unstable (Gianfranco Costamagna)
[2018-06-05] libsdl1.2 1.2.15+dfsg2-1 MIGRATED to testing (Debian testing watch)
[2018-05-30] Accepted libsdl1.2 1.2.15+dfsg2-1 (source) into unstable (Gianfranco Costamagna)
[2017-07-28] libsdl1.2 1.2.15+dfsg2-0.1 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted libsdl1.2 1.2.15+dfsg2-0.1 (source) into unstable (Jonas Smedegaard)
[2016-03-22] libsdl1.2 1.2.15+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2016-03-21] libsdl1.2 1.2.15+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2016-03-20] libsdl1.2 1.2.15+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2016-03-17] libsdl1.2 1.2.15+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2016-03-17] Accepted libsdl1.2 1.2.15+dfsg1-4 (source amd64) into unstable (Manuel A. Fernandez Montecelo)
[2016-03-12] Accepted libsdl1.2 1.2.15+dfsg1-3 (source amd64) into unstable (Manuel A. Fernandez Montecelo)
[2016-02-27] libsdl1.2 1.2.15+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2016-02-21] Accepted libsdl1.2 1.2.15+dfsg1-2 (source amd64) into unstable (Manuel A. Fernandez Montecelo)
[2015-11-06] libsdl1.2 1.2.15-12 MIGRATED to testing (Britney)
[2015-10-31] Accepted libsdl1.2 1.2.15-12 (source amd64) into unstable (Manuel A. Fernandez Montecelo)
[2015-05-03] libsdl1.2 1.2.15-11 MIGRATED to testing (Britney)
[2015-04-27] Accepted libsdl1.2 1.2.15-11 (source amd64) into unstable (Manuel A. Fernandez Montecelo)
[2015-04-20] Accepted libsdl1.2 1.2.14-6.1+build1 (source amd64) into squeeze-lts (Raphaël Hertzog)
[2014-07-06] libsdl1.2 1.2.15-10 MIGRATED to testing (Britney)
[2014-06-30] Accepted libsdl1.2 1.2.15-10 (source amd64) (Felix Geyer)
[2014-03-14] libsdl1.2 1.2.15-9 MIGRATED to testing (Debian testing watch)
[2014-03-09] Accepted libsdl1.2 1.2.15-9 (source amd64) (Manuel A. Fernandez Montecelo)
[2013-11-08] libsdl1.2 1.2.15-8 MIGRATED to testing (Debian testing watch)
[2013-10-28] Accepted libsdl1.2 1.2.15-8 (source amd64) (Manuel A. Fernandez Montecelo)

bugs [bug history graph]

all: 21 23
RC: 1
I&N: 18 19
M&W: 2 3
F&P: 0
patch: 3

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.15+dfsg2-4
27 bugs (5 patches)