Ubuntu
sdl-image1.2 package

Change logs for sdl-image1.2 source package in Bionic

  1. Bionic (18.04)
  2. Change log 
  • sdl-image1.2 (1.2.12-8ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution in the XCF image rendering
    - debian/patches/CVE-2018-3977.patch: Fix potential buffer overflow on
      corrupt or maliciously-crafted XCF file.
    - CVE-2018-3977
  * SECURITY UPDATE: Buffer overflows in IMG_pcx.c
    - debian/patches/IMG_pcx-out-of-bounds.patch: fix multiple OOB issues in
      IMG_pcx.c
    - CVE-2019-5051
    - CVE-2019-12217
    - CVE-2019-12219
    - CVE-2019-12220
    - CVE-2019-12221
    - CVE-2019-12222
  * SECURITY UPDATE: Integer overflow when loading a PCX file
    - debian/patches/CVE-2019-5052.patch: Fix invalid data read on bpl == -1.
    - CVE-2019-5052
  * SECURITY UPDATE: Heap-based buffer over-read in Blit1to4()
    - debian/patches/CVE-2019-7635.patch: fix Heap-Buffer Overflow in
      Blit1to4().
    - CVE-2019-7635
  * SECURITY UPDATE: Heap buffer overflow in IMG_pcx.c
    - debian/patches/CVE-2019-12218.patch: fix heap buffer overflow issue in
      IMG_pcx.c
    - CVE-2019-12218
    - CVE-2019-12216
  * SECURITY UPDATE: Heap-based buffer over-read in BlitNtoN()
    - debian/patches/CVE-2019-13616.patch: validate image size when loading
      BMP files.
    - CVE-2019-13616

 -- Eduardo Barretto <email address hidden>  Fri, 10 Jan 2020 12:49:04 -0300
  • sdl-image1.2 (1.2.12-8) unstable; urgency=high

  * Backport various security fixes:
    - CVE-2017-12122
    - CVE-2017-14440
    - CVE-2017-14441
    - CVE-2017-14442
    - CVE-2017-14448
    - CVE-2017-14450
    - Additional fixes in pcf and xcf parsing code

 -- Felix Geyer <email address hidden>  Mon, 05 Mar 2018 20:24:09 +0100
  • sdl-image1.2 (1.2.12-7) unstable; urgency=medium

  * Fix CVE-2017-2887: buffer overflow in the XCF property handling.
    (Closes: #878267)

 -- Felix Geyer <email address hidden>  Wed, 18 Oct 2017 22:15:49 +0200
  • sdl-image1.2 (1.2.12-6) unstable; urgency=medium

  * Bump Policy Standards-Version to 4.0.0 (no changes needed)
  * Switch to debhelper compat level v10
    - dh flags --parallel are not needed
    - autoreconf is invoked by default
  * Use automatic dbgsym packages, drop -dbg
  * d/copyright: Fix missing "General" in LGPL license blurb
  * Update Vcs-* URLs

 -- Manuel A. Fernandez Montecelo <email address hidden>  Thu, 03 Aug 2017 16:47:43 +0200