UbuntuUpdates.org

Package "libsdl2"

Name: libsdl2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Simple DirectMedia Layer
  • Simple DirectMedia Layer debug files
  • Simple DirectMedia Layer development files
Latest version: 2.0.2+dfsg1-3ubuntu1.3
Release: trusty (14.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libsdl2" in Trusty

Repository Area Version
base universe 2.0.2+dfsg1-3ubuntu1
security universe 2.0.2+dfsg1-3ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.2+dfsg1-3ubuntu1.3 2019-09-30 16:06:54 UTC

  libsdl2 (2.0.2+dfsg1-3ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read in Fill_IMA_ADPCM_block
    - debian/patches/CVE-2017-2888.diff: check var size before mallocing pixels
    - debian/patches/CVE-2017-2888_CVE-2019-7637.diff: assert size of int
      before mallocing
    - CVE-2017-2888
    - CVE-2019-7637
  * SECURITY UPDATE: heap-based buffer over-read in Blit1to4
    - debian/patches/CVE-2019-7635.diff: add error checking to SDL_LoadBMP_RW
    - CVE-2019-7635
  * SECURITY UPDATE: heap-based buffer over-read in Map1toN and SDL_GetRGB
    - debian/patches/CVE-2019-7636_CVE-2019-7638.patch: add error checking to
      SDL_LoadBMP_RW
    - CVE-2019-7636
    - CVE-2019-7638

 -- Avital Ostromich <email address hidden> Wed, 25 Sep 2019 11:26:34 -0400
Source diff to previous version
CVE-2017-2888 An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer over
CVE-2019-7637 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7635 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7636 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7638 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Version: 2.0.2+dfsg1-3ubuntu1.2 2017-08-28 15:06:58 UTC
No changelog available yet.
Source diff to previous version

Version: 2.0.2+dfsg1-3ubuntu1.1 2014-05-22 17:06:59 UTC

  libsdl2 (2.0.2+dfsg1-3ubuntu1.1) trusty-proposed; urgency=medium

  * New patch: mir_forward_declaration_syswm.diff
    - Forward declare structs so you don't need mir headers
      (LP: #1306629)
 -- Brandon Schaefer <email address hidden> Thu, 01 May 2014 13:03:23 -0400
1306629 [SRU] SDL_syswm.h can't find mir_toolkit/mir_client_library.h


About   -   Send Feedback to @ubuntu_updates