Bug 23845

Summary: sdl2_image new security issue CVE-2018-3977
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Rémi Verschelde <rverschelde>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: sdl2_image-2.0.1-1.1.mga6.src CVE:
Status comment:

Description David Walser 2018-11-15 23:50:03 CET 
Fedora has issued an advisory today (November 15):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EKZWW62EOUF3YAAVXXBR3VKGECVCOBDD/

The issue is fixed upstream in 2.0.4.
Rémi Verschelde 2018-11-16 10:24:11 CET

Assignee: geiger.david68210 => rverschelde

Comment 1 Rémi Verschelde 2018-11-16 10:47:14 CET 
I'll add this to the backlog from bug 22769. The problem is that SDL2_image 2.0.3+ requires SDL2 2.0.8+... I might bite the bullet and do the full stack update in Mageia 6, but that will imply testing all packages depending on SDL2 to make sure they work fine.

Status: NEW => RESOLVED
Resolution: (none) => MOVED

Comment 2 David Walser 2018-11-16 14:28:14 CET 
thx

*** This bug has been marked as a duplicate of bug 22769 ***

Resolution: MOVED => DUPLICATE