Debian 10260 Published by

Updated libsdl1.2 and libsdl2 packages has been released for Debian GNU/Linux 8 LTS to address a regression introduced by the previous updates:

DLA 1713-2: libsdl1.2 regression update
DLA 1714-2: libsdl2 regression update



DLA 1713-2: libsdl1.2 regression update

Package : libsdl1.2
Version : 1.2.15-10+deb8u2
CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
CVE-2019-7636 CVE-2019-7637 CVE-2019-7638

The update of libsdl1.2 released as DLA 1713-1 led to a regression, caused
by an incomplete fix for CVE-2019-7637. This issue was known upstream and
resulted, among others, in windows versions from libsdl1.2 failing to set
video mode.

For Debian 8 "Jessie", this problem has been fixed in version
1.2.15-10+deb8u2.

We recommend that you upgrade your libsdl1.2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

DLA 1714-2: libsdl2 regression update

Package : libsdl2
Version : 2.0.2+dfsg1-6+deb8u2
CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
CVE-2019-7636 CVE-2019-7637 CVE-2019-7638

The update of libsdl2 released as DLA 1714-1 led to several regressions, as
reported by Avital Ostromich. These regressions are caused by libsdl1.2
patches for CVE-2019-7637, CVE-2019-7635, CVE-2019-7638 and CVE-2019-7636 being
applied to libsdl2 without adaptations.

For Debian 8 "Jessie", this problem has been fixed in version
2.0.2+dfsg1-6+deb8u2.

We recommend that you upgrade your libsdl2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS