ELA-520-1 libsdl1.2 security update

heap-based buffer over-read

Related CVEs CVE-2019-13616

An issue has been found in libsdl1.2, a library for portable low level access to a video framebuffer, audio output, mouse, and keyboard. It is related to an heap-based buffer over-read, resulting in a DoS by using a crafted BMP file.

For Debian 8 jessie, these problems have been fixed in version 1.2.15-10+deb8u3.

We recommend that you upgrade your libsdl1.2 packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support