-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-ff2fe47ba4 2020-02-08 01:58:52.898351 -------------------------------------------------------------------------------- Name : mingw-SDL2 Product : Fedora 31 Version : 2.0.10 Release : 1.fc31 URL : http://www.libsdl.org/ Summary : MinGW Windows port of SDL2 cross-platform multimedia library Description : Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. -------------------------------------------------------------------------------- Update Information: MinGW cross compiled SDL 2.0.10, fixing a number of CVE issues. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2019 Sandro Mani <manisandro(a)gmail.com&gt; - 2.0.10-1 - Update to 2.0.10 * Tue Oct 8 2019 Sandro Mani <manisandro(a)gmail.com&gt; - 2.0.9-4 - Rebuild (Changes/Mingw32GccDwarf2) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1754614 - CVE-2019-13626 mingw-SDL2: SDL: integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c leads to heap-based buffer over-read in Fill_IMA_ADPCM_block [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1754614 [ 2 ] Bug #1754009 - CVE-2019-13616 mingw-SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1754009 [ 3 ] Bug #1754601 - CVE-2019-12222 mingw-SDL2: SDL: out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1754601 [ 4 ] Bug #1752631 - CVE-2019-12222 mingw-SDL2: SDL: out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752631 [ 5 ] Bug #1752616 - CVE-2019-12218 mingw-SDL2: SDL: null-pointer dereference in function IMG_LoadPCX_RW in IMG_pcx.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752616 [ 6 ] Bug #1752612 - CVE-2019-12217 mingw-SDL2: SDL: null-pointer dereference in function stdio_read in file/SDL_rwops.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752612 [ 7 ] Bug #1752604 - CVE-2019-12221 mingw-SDL2: SDL: null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752604 [ 8 ] Bug #1752622 - CVE-2019-12219 mingw-SDL2: SDL: invalid free error in function SDL_SetError_REAL [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752622 [ 9 ] Bug #1752626 - CVE-2019-12220 mingw-SDL2: SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752626 [ 10 ] Bug #1752608 - CVE-2019-12216 mingw-SDL2: SDL: heap-based buffer overflow in function SDL2_image function IMG_LoadPCX_RW in IMG_pcx.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752608 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-ff2fe47ba4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------