CVE-2019-13626

Note

The patch in SDL 2.0 is enormous and should be applied with care. The
upstream patch to backport is spread across three upstream commits:
https://hg.libsdl.org/SDL/rev/b06fa7da012b
https://hg.libsdl.org/SDL/rev/a39d8cdf50f4
https://hg.libsdl.org/SDL/rev/572f29f98da0

Package	Release	Status
libsdl1.2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	disco	Not vulnerable (code not present)
	eoan	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hirsute	Not vulnerable (code not present)
	impish	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	lunar	Not vulnerable (code not present)
	mantic	Does not exist
	trusty	Not vulnerable (code not present)
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
libsdl2 Launchpad, Ubuntu, Debian	bionic	Needed
	disco	Ignored (end of life)
	eoan	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	focal	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	groovy	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	hirsute	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	impish	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	jammy	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	kinetic	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	lunar	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	mantic	Not vulnerable (2.0.10+dfsg1-1ubuntu1)
	trusty	Needed
	upstream	Released (2.0.10)
	xenial	Needed

Parameter	Value
Base score	6.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2019-13626

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading