[SECURITY] [DLA 2803-1] libsdl2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2803-1] libsdl2 security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 31 Oct 2021 11:06:17 +0200
Message-id: <[🔎] 20211031090617.GA20286@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2803-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
October 31, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libsdl2
Version        : 2.0.5+dfsg1-2+deb9u2
CVE ID         : CVE-2017-2888 CVE-2019-7637
Debian Bug     : 878264

A vulnerability has been fixed in libsdl2, the newer version of the 
Simple DirectMedia Layer library that provides low level access to 
audio, keyboard, mouse, joystick, and graphics hardware.

CVE-2017-2888
CVE-2019-7637

    Potential overflow in surface allocation was fixed.

For Debian 9 stretch, these problems have been fixed in version
2.0.5+dfsg1-2+deb9u2.

We recommend that you upgrade your libsdl2 packages.

For the detailed security status of libsdl2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsdl2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmF+XIkACgkQiNJCh6LY
mLHSSxAAh8LPTfSlAtbvJJjaD6r1XLZZ9gDkG8+0FNzGpXFrIwbdGGpqcSXTy69b
KuUOGStjy8+JCRJappBXVlOSJrRERJhGlEZ4VCPNG3b3czsDdTImlNfhO0xBvLON
uYlOwE8oH8eZC/z2Biw68LXBwxbZeBRlxwjxDChKkeyGUZKKqkhV7M+S6oKADjnA
X5YlZ3ZKcXNSAg7Zi4rIIA4xT3In0sFEkvAy5We6HqASNz8+Taoq+lDK+Y7F3NQN
kjHxvUFwV6Cffq0r8/V471MfyWTmeF6u5u7eSBRbvPFPvgLgBzoub01a2iqXfCUL
6ytdZn8nO5wm4ntrNY3P0sbBe2IxIXoX9DzOs/sgv/Nf6T+EGc2zF2lub6fDZB1q
mFalUwqEiR3fbFTvJkkkUnyG2+PH5ZGmFU3n6n0ItYxxHOSksV6J+dGGVcRpnwAg
vWKNbct6Kw8EmKkBU8S52G4aVOmcvrqc6G/u6vWfmJS0M8BZC+vABpbk+oDoNQBB
QZjfc0BmjLC8pfRMguQ8O3KAUJy7g8dc/gjYRzPjKjkW1ZUPHFriX5MzD7pw1PcK
TNgWir+4GjNPVR8wra28ng+fYaNkv1xKC49PJQVy5c3FoV7Up0wDVwuULPjgKHEw
xQKZudhi1GexWcsASmCWdlnAfW2GhZZqUjFM0DorB71jqNDzyFw=
=B6G/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2802-1] elfutils security update
Next by Date: [SECURITY] [DLA 2804-1] libsdl1.2 security update
Previous by thread: [SECURITY] [DLA 2802-1] elfutils security update
Next by thread: [SECURITY] [DLA 2804-1] libsdl1.2 security update
Index(es):
- Date
- Thread