libsdl2 - Debian Package Tracker

general

source: libsdl2 (main)
version: 2.0.16+dfsg1-4
maintainer: Debian SDL packages maintainers (archive) (DMD)
uploaders: Sam Hocevar [DMD] – Felix Geyer [DMD] – Simon McVittie [DMD] – Manuel A. Fernandez Montecelo [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.5+dfsg1-2
o-o-sec: 2.0.5+dfsg1-2+deb9u1
oldstable: 2.0.9+dfsg1-1
stable: 2.0.14+dfsg2-3
testing: 2.0.16+dfsg1-4
unstable: 2.0.16+dfsg1-4

versioned links

2.0.5+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.5+dfsg1-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.9+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.14+dfsg2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.16+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsdl2-2.0-0 (6 bugs: 0, 6, 0, 0)
libsdl2-dev (1 bugs: 0, 1, 0, 0)
libsdl2-doc

action needed

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2021-09-11 Last update: 2021-09-18 07:33

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 48cc479634246c5fe2ff445c612927f07843f773
Author: Simon McVittie <smcv@debian.org>
Date:   Mon Sep 6 13:14:23 2021 +0100

    Replace patch with the version that went upstream
    
    This is compatible with both old and new Autoconf, unlike my previous
    attempt, which only fully worked with 2.71.

Created: 2021-09-06 Last update: 2021-09-12 19:05

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:03

14 low-priority security issues in buster low

There are 14 open security issues in buster.

14 issues left for the package maintainer to handle:

CVE-2019-13616: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-13626: (needs triaging) SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-7572: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7573: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7574: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7575: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7576: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7577: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7578: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7635: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7636: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7638: (needs triaging) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2020-14409: (needs triaging) SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
CVE-2020-14410: (needs triaging) SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-09-11 06:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.1).

Created: 2021-08-18 Last update: 2021-09-06 18:09

news

[rss feed]

[2021-09-11] libsdl2 2.0.16+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2021-09-06] Accepted libsdl2 2.0.16+dfsg1-4 (source) into unstable (Simon McVittie)
[2021-08-16] Accepted libsdl2 2.0.16+dfsg1-3 (source) into experimental (Simon McVittie)
[2021-08-13] Accepted libsdl2 2.0.16+dfsg1-2 (source) into experimental (Simon McVittie)
[2021-08-11] Accepted libsdl2 2.0.16+dfsg1-1 (source) into experimental (Simon McVittie)
[2021-01-30] Accepted libsdl2 2.0.5+dfsg1-2+deb9u1 (source amd64 all) into oldstable (Thorsten Alteholz)
[2021-01-24] libsdl2 2.0.14+dfsg2-3 MIGRATED to testing (Debian testing watch)
[2021-01-18] Accepted libsdl2 2.0.14+dfsg2-3 (source) into unstable (Simon McVittie)
[2021-01-18] libsdl2 2.0.14+dfsg2-2 MIGRATED to testing (Debian testing watch)
[2021-01-12] Accepted libsdl2 2.0.14+dfsg2-2 (source) into unstable (Simon McVittie)
[2021-01-06] Accepted libsdl2 2.0.14+dfsg2-1 (source) into experimental (Simon McVittie)
[2020-10-09] libsdl2 2.0.12+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2020-10-09] libsdl2 2.0.12+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2020-10-04] Accepted libsdl2 2.0.12+dfsg1-4 (source) into unstable (Fabian Greffrath)
[2020-10-03] Accepted libsdl2 2.0.12+dfsg1-3 (source amd64 all) into unstable (Fabian Greffrath)
[2020-08-24] libsdl2 2.0.12+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2020-08-18] Accepted libsdl2 2.0.12+dfsg1-2 (source) into unstable (Fabian Greffrath)
[2020-06-01] libsdl2 2.0.12+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2020-05-26] Accepted libsdl2 2.0.12+dfsg1-1 (source) into unstable (Simon McVittie)
[2020-04-27] Accepted libsdl2 2.0.12+dfsg1-1~exp1 (source) into experimental (Simon McVittie)
[2020-04-19] libsdl2 2.0.10+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2020-04-13] Accepted libsdl2 2.0.10+dfsg1-3 (source) into unstable (Simon McVittie)
[2020-02-08] libsdl2 2.0.10+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2020-02-02] Accepted libsdl2 2.0.10+dfsg1-2 (source) into unstable (Felix Geyer)
[2019-10-16] Accepted libsdl2 2.0.2+dfsg1-6+deb8u2 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-09-25] libsdl2 2.0.10+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2019-09-19] Accepted libsdl2 2.0.10+dfsg1-1 (source) into unstable (Felix Geyer)
[2019-03-13] Accepted libsdl2 2.0.2+dfsg1-6+deb8u1 (source amd64) into oldstable (Abhijith PA)
[2019-02-05] libsdl2 2.0.9+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2019-02-02] Accepted libsdl2 2.0.9+dfsg1-1 (source) into unstable (Felix Geyer)

bugs [bug history graph]

all: 8
RC: 0
I&N: 8
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.0.14+dfsg2-3
15 bugs