Debian Package Tracker
Register | Log in
Subscribe

libsdl2

Choose email to subscribe with

general
  • source: libsdl2 (main)
  • version: 2.0.22+dfsg-3
  • maintainer: Debian SDL packages maintainers (archive) (DMD)
  • uploaders: Sam Hocevar [DMD] – Simon McVittie [DMD] – Manuel A. Fernandez Montecelo [DMD] – Felix Geyer [DMD]
  • arch: all any
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.0.5+dfsg1-2
  • o-o-sec: 2.0.5+dfsg1-2+deb9u2
  • oldstable: 2.0.9+dfsg1-1
  • stable: 2.0.14+dfsg2-3
  • testing: 2.0.22+dfsg-3
  • unstable: 2.0.22+dfsg-3
  • exp: 2.0.22+git20220524+g5dee082+dfsg-1
versioned links
  • 2.0.5+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.5+dfsg1-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.9+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.14+dfsg2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.22+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.22+git20220524+g5dee082+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libsdl2-2.0-0 (6 bugs: 0, 6, 0, 0)
  • libsdl2-dev (1 bugs: 0, 1, 0, 0)
  • libsdl2-doc
  • libsdl2-tests
action needed
15 low-priority security issues in buster low

There are 15 open security issues in buster.

15 issues left for the package maintainer to handle:
  • CVE-2019-7572: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
  • CVE-2019-7573: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
  • CVE-2019-7574: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
  • CVE-2019-7575: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
  • CVE-2019-7576: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
  • CVE-2019-7577: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
  • CVE-2019-7578: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
  • CVE-2019-7635: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
  • CVE-2019-7636: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
  • CVE-2019-7638: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
  • CVE-2019-13616: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
  • CVE-2019-13626: (needs triaging) SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
  • CVE-2020-14409: (needs triaging) SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
  • CVE-2020-14410: (needs triaging) SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
  • CVE-2021-33657: (needs triaging) There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-05-11 06:08
1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2021-33657: (needs triaging) There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.

You can find information about how to handle this issue in the security team's documentation.

Created: 2022-04-06 Last update: 2022-05-11 06:08
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-11 23:25
news
[rss feed]
  • [2022-05-24] Accepted libsdl2 2.0.22+git20220524+g5dee082+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-05-18] Accepted libsdl2 2.0.22+git20220518.g4cb57bf+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-05-11] libsdl2 2.0.22+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2022-05-09] Accepted libsdl2 2.0.22+git20220508.gc71ee68+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-05-05] Accepted libsdl2 2.0.22+dfsg-3 (source) into unstable (Simon McVittie)
  • [2022-05-01] libsdl2 2.0.22+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-04-27] Accepted libsdl2 2.0.22+dfsg-2 (amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Simon McVittie)
  • [2022-04-25] Accepted libsdl2 2.0.22+dfsg-1 (source) into unstable (Simon McVittie)
  • [2022-04-25] Accepted libsdl2 2.0.22~rc3+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-04-21] Accepted libsdl2 2.0.22~rc2+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-04-19] Accepted libsdl2 2.0.22~rc1+git20220418+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-04-09] Accepted libsdl2 2.0.22~rc1+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-01-20] libsdl2 2.0.20+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2022-01-15] Accepted libsdl2 2.0.20+dfsg-2 (source) into unstable (Simon McVittie)
  • [2022-01-12] libsdl2 2.0.18+dfsg-5 MIGRATED to testing (Debian testing watch)
  • [2022-01-11] Accepted libsdl2 2.0.20+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-01-07] Accepted libsdl2 2.0.18+dfsg-5 (source) into unstable (Simon McVittie)
  • [2022-01-06] Accepted libsdl2 2.0.18+dfsg-4 (source) into unstable (Simon McVittie)
  • [2021-12-15] Accepted libsdl2 2.0.18+dfsg-3 (source) into unstable (Simon McVittie)
  • [2021-12-07] Accepted libsdl2 2.0.18+dfsg-2 (source) into unstable (Simon McVittie)
  • [2021-11-30] Accepted libsdl2 2.0.18+dfsg-1 (source) into experimental (Simon McVittie)
  • [2021-11-23] libsdl2 2.0.16+dfsg1-7 MIGRATED to testing (Debian testing watch)
  • [2021-11-17] Accepted libsdl2 2.0.16+dfsg1-7 (source) into unstable (Simon McVittie)
  • [2021-11-07] Accepted libsdl2 2.0.16+dfsg1-6 (source) into experimental (Simon McVittie)
  • [2021-10-31] Accepted libsdl2 2.0.5+dfsg1-2+deb9u2 (source) into oldoldstable (Adrian Bunk)
  • [2021-10-18] libsdl2 2.0.16+dfsg1-5 MIGRATED to testing (Debian testing watch)
  • [2021-10-13] Accepted libsdl2 2.0.16+dfsg1-5 (source) into unstable (Simon McVittie)
  • [2021-09-11] libsdl2 2.0.16+dfsg1-4 MIGRATED to testing (Debian testing watch)
  • [2021-09-06] Accepted libsdl2 2.0.16+dfsg1-4 (source) into unstable (Simon McVittie)
  • [2021-08-16] Accepted libsdl2 2.0.16+dfsg1-3 (source) into experimental (Simon McVittie)
  • 1
  • 2
bugs [bug history graph]
  • all: 9
  • RC: 0
  • I&N: 8
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, exp, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.0.22+dfsg-3ubuntu1
  • 15 bugs
  • patches for 2.0.22+dfsg-3ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing