FEDORA-2018-b38de02132

security update in Fedora 29 for mingw-SDL2_image

Status: stable 4 days ago

This update has been submitted for testing by pwalter.

hello pwalter, does this update only fix CVE-2018-3977 or does it also fix the below referenced cves: CVE-2017-2887, CVE-2018-3837, CVE-2018-3838?

thanks for your effort!

This update has been pushed to testing.

12 days ago

pwalter 12 days ago

@muench, I believe the CVE numbers you listed were fixed by older SDL2_image releases, but the fixes are all included in this build as well.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

5 days ago

This update has been submitted for batched by pwalter.

5 days ago

This update has been submitted for stable by bodhi.

5 days ago

This update has been pushed to stable.

4 days ago

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

Text fields in Bodhi2 support an enhanced version of markdown. This is a cheat sheet for your reference.

You can do headers by underlining or by prefixing with the # character:

This is an H1
=============

This is an H2
-------------

# This is another H1

## This is another H2

You can do blockquotes using email-style prefixes with the > character:

> This is a quotation
> over many lines
> > and it can be nested(!)

Lists work like you'd expect, by prefixing with any of the *, +, or - characters:

Check out this list:

* This
* is
* a list..

You need a blank line between a paragraph and the start of a list for the renderer to pick up on it.

Emphasis can be added like this:

*italics*
_italics_
**bold**
__bold__

You can save your code references from being misinterpreted as emphasis by surrounding them with backtick characters (`):

Use `the_best_function()` and _not_ that crummy one.

Links look like this:

[text](http://getfedora.org)

..but we also support bare links if you just provide a URL.

You can create code blocks by indenting every line of the block by at least 4 spaces or 1 tab.

Here is a code block:

    for i in range(4):
        print i
    print "done."

You can reference bug reports by simply writing something of the form tracker#ticketid.

This fixes PHP#1234 and Python#2345

... we will automatically generate links to the tickets in the appropriate trackers in place.

The supported bug tracker prefixes are: (these are all case-insensitive)

Fedora, RHBZ and RH (all point to the Red Hat Bugzilla)
GNOME
KDE
PEAR
PHP
Python

And you can refer to other users by prefixing their username with the @ symbol.

Thanks @mattdm!

This will generate a link to their profile, but it won't necessarily send them a notification unless they have a special FMN rule set up to catch it.

Lastly, you can embed inline images with syntax like this:

![Alt text](/path/to/img.jpg)

-1	0	+1	Feedback Guidelines
			Is the update generally functional? (karma) You need to be logged in to add karma!
			#1500450 CVE-2017-2887 SDL_image: Incorrect XCF property handling
			#1500452 CVE-2017-2887 mingw-SDL_image: SDL_image: Multiple vulnerabilities [fedora-all]
			#1568142 CVE-2018-3837 SDL2_image: information disclosure in the PCX image rendering functionality
			#1568144 CVE-2018-3837 CVE-2018-3838 CVE-2018-3839 mingw-SDL2_image: various flaws [fedora-all]
			#1646575 CVE-2018-3977 SDL2_image: code execution in the XCF image rendering functionality
			#1646576 CVE-2018-3977 mingw-SDL2_image: SDL2_image: code execution in the XCF image rendering functionality [fedora-all]

Content Type

RPM

Status

stable

Test Gating

Submitted by

pwalter

Update Type

security

Update Severity

medium

Karma

0
stable threshold: 3
unstable threshold: -3

Autopush

Enabled

Dates

submitted	13 days ago
in testing	12 days ago
in stable	4 days ago

FEDORA-2018-b38de02132

security update in Fedora 29 for mingw-SDL2_image

Comments 8

Add Comment & Feedback
Toggle Preview

Related Bugs 6

Automated Test Results

FEDORA-2018-b38de02132

security update in Fedora 29 for mingw-SDL2_image

Comments 8

Add Comment & Feedback Toggle Preview

Related Bugs 6

Automated Test Results

Add Comment & Feedback
Toggle Preview