Register | Log in

libsdl2

Choose email to subscribe with

general

source: libsdl2 (main)
version: 2.0.9+dfsg1-1
maintainer: Debian SDL packages maintainers (archive) [DMD]
uploaders: Sam Hocevar [DMD] – Felix Geyer [DMD] – Manuel A. Fernandez Montecelo [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.2+dfsg1-6
o-o-sec: 2.0.2+dfsg1-6+deb8u1
oldstable: 2.0.5+dfsg1-2
stable: 2.0.9+dfsg1-1
testing: 2.0.9+dfsg1-1
unstable: 2.0.9+dfsg1-1

versioned links

2.0.2+dfsg1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.2+dfsg1-6+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.5+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.9+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsdl2-2.0-0 (4 bugs: 0, 4, 0, 0)
libsdl2-dev (3 bugs: 0, 3, 0, 0)
libsdl2-doc

action needed

3 security issues in jessie high

There are 3 open security issues in jessie.

2 important issues:

CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.

1 issue skipped by the security teams:

CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

Please fix them.

Created: 2017-10-11 Last update: 2019-07-20 08:51

13 security issues in buster high

There are 13 open security issues in buster.

2 important issues:

CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.

11 issues skipped by the security teams:

CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

Please fix them.

Created: 2019-02-07 Last update: 2019-07-20 08:51

13 security issues in sid high

There are 13 open security issues in sid.

13 important issues:

CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

Please fix them.

Created: 2019-02-07 Last update: 2019-07-20 08:51

14 security issues in stretch high

There are 14 open security issues in stretch.

2 important issues:

CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.

12 issues skipped by the security teams:

CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

Please fix them.

Created: 2017-10-11 Last update: 2019-07-20 08:51

13 security issues in bullseye high

There are 13 open security issues in bullseye.

13 important issues:

CVE-2019-7577: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7572: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7636: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7635: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7574: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7576: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-7637: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-7578: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-13626: SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-7575: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

Please fix them.

Created: 2019-07-07 Last update: 2019-07-20 08:51

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-07-23 10:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2019-07-08 20:09

news

[2019-03-13] Accepted libsdl2 2.0.2+dfsg1-6+deb8u1 (source amd64) into oldstable (Abhijith PA)
[2019-02-05] libsdl2 2.0.9+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2019-02-02] Accepted libsdl2 2.0.9+dfsg1-1 (source) into unstable (Felix Geyer)
[2018-10-28] libsdl2 2.0.8+dfsg1-6 MIGRATED to testing (Debian testing watch)
[2018-10-25] Accepted libsdl2 2.0.8+dfsg1-6 (source amd64 all) into unstable (Manuel A. Fernandez Montecelo)
[2018-10-22] libsdl2 2.0.8+dfsg1-5 MIGRATED to testing (Debian testing watch)
[2018-10-20] Accepted libsdl2 2.0.8+dfsg1-5 (source amd64 all) into unstable (Manuel A. Fernandez Montecelo)
[2018-10-06] libsdl2 2.0.8+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2018-10-04] Accepted libsdl2 2.0.8+dfsg1-4 (source) into unstable (Gianfranco Costamagna)
[2018-10-03] libsdl2 2.0.8+dfsg1-3.1 MIGRATED to testing (Debian testing watch)
[2018-09-30] Accepted libsdl2 2.0.8+dfsg1-3.1 (source) into unstable (Simon McVittie)
[2018-09-27] Accepted libsdl2 2.0.8+dfsg1-3 (source) into unstable (Gianfranco Costamagna)
[2018-09-20] libsdl2 2.0.8+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2018-09-14] Accepted libsdl2 2.0.8+dfsg1-2 (source) into unstable (Felix Geyer) (signed by: Gianfranco Costamagna)
[2018-03-09] libsdl2 2.0.8+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-03-04] Accepted libsdl2 2.0.8+dfsg1-1 (source) into unstable (Felix Geyer)
[2017-11-15] libsdl2 2.0.7+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-11-09] Accepted libsdl2 2.0.7+dfsg1-3 (source amd64 all) into unstable (Fabian Greffrath)
[2017-11-07] Accepted libsdl2 2.0.7+dfsg1-2 (source) into unstable (Gianfranco Costamagna)
[2017-11-06] Accepted libsdl2 2.0.7+dfsg1-1 (source amd64 all) into unstable (Fabian Greffrath)
[2017-10-21] libsdl2 2.0.6+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2017-10-18] Accepted libsdl2 2.0.6+dfsg1-4 (source) into unstable (Felix Geyer)
[2017-10-15] libsdl2 2.0.6+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-10-12] Accepted libsdl2 2.0.6+dfsg1-3 (source) into unstable (Felix Geyer)
[2017-10-05] libsdl2 2.0.6+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-09-30] Accepted libsdl2 2.0.6+dfsg1-2 (source amd64 all) into unstable (Manuel A. Fernandez Montecelo)
[2017-09-26] Accepted libsdl2 2.0.6+dfsg1-1 (source amd64 all) into unstable (Manuel A. Fernandez Montecelo)
[2017-08-03] libsdl2 2.0.5+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-07-28] Accepted libsdl2 2.0.5+dfsg1-3 (source amd64 all) into unstable (Manuel A. Fernandez Montecelo)
[2017-01-07] libsdl2 2.0.5+dfsg1-2 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 10
RC: 1
I&N: 9
M&W: 0
F&P: 0
patch: 3

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.0.9+dfsg1-1ubuntu1
13 bugs
patches for 2.0.9+dfsg1-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing