Overview

File _patchinfo of Package patchinfo.7895

<patchinfo incident="7895">
  <issue id="1025413" tracker="bnc">games/SDL2: Needs build with fcitx support</issue>
  <issue id="1084282" tracker="bnc">VUL-0: CVE-2017-14441: SDL_image, SDL2_image: code execution in the ICO image rendering</issue>
  <issue id="1084257" tracker="bnc">VUL-0: CVE-2017-14440: SDL_image, SDL2_image: Potential code execution in the ILBM image rendering functionality</issue>
  <issue id="1084256" tracker="bnc">VUL-0: CVE-2017-12122: SDL_image, SDL2_image: Potential code execution in the ILBM image rendering fuctionality</issue>
  <issue id="1084303" tracker="bnc">VUL-0: CVE-2017-14448: SDL_image, SDL2_image: Heap buffer overflow in the XCF image rendering functionality</issue>
  <issue id="1084297" tracker="bnc">VUL-1: CVE-2017-14449: SDL2_image: double-Free in the XCF image rendering</issue>
  <issue id="1084304" tracker="bnc">VUL-0: CVE-2017-14442: SDL_image, SDL2_image: Stack buffer overflow the BMP image rendering functionality</issue>
  <issue id="1084288" tracker="bnc">VUL-0: CVE-2017-14450: SDL_image, SDL2_image: Buffer overflow in the GIF image parsing</issue>
  <issue id="2017-14448" tracker="cve" />
  <issue id="2017-14449" tracker="cve" />
  <issue id="2017-14442" tracker="cve" />
  <issue id="2017-14450" tracker="cve" />
  <issue id="2017-14440" tracker="cve" />
  <issue id="2017-14441" tracker="cve" />
  <issue id="2017-12122" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jengelh</packager>
  <description>This update for SDL2 and SDL2_image fixes the following issues:

- CVE-2017-14441: Code execution in the ICO image rendering (bsc#1084282).
- CVE-2017-14440: Potential code execution in the ILBM image rendering functionality (bsc#1084257).
- CVE-2017-12122: Potential code execution in the ILBM image rendering fuctionality (bsc#1084256).
- CVE-2017-14448: Heap buffer overflow in the XCF image rendering functionality (bsc#1084303).
- CVE-2017-14449: Double-Free in the XCF image rendering (bsc#1084297).
- CVE-2017-14442: Stack buffer overflow the BMP image rendering functionality (bsc#1084304).
- CVE-2017-14450: Buffer overflow in the GIF image parsing (bsc#1084288).

Bug fixes:

- boo#1025413: Add dbus-ime.diff and build with fcitx.
</description>
  <summary>Security update for SDL2, SDL2_image</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places