Hello community, here is the log from the commit of package SDL2_image for openSUSE:Factory checked in at 2018-03-13 10:23:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SDL2_image (Old) and /work/SRC/openSUSE:Factory/.SDL2_image.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "SDL2_image" Tue Mar 13 10:23:30 2018 rev:9 rq:584127 version:2.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/SDL2_image/SDL2_image.changes 2018-02-14 10:52:39.303452941 +0100 +++ /work/SRC/openSUSE:Factory/.SDL2_image.new/SDL2_image.changes 2018-03-13 10:23:44.838396470 +0100 @@ -1,0 +2,20 @@ +Thu Mar 8 00:53:28 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 2.0.3 + * Fixed a number of security issues: + * TALOS-2017-0488/CVE-2017-12122/boo#1084256: + IMG_LoadLBM_RW code execution vulnerability + * TALOS-2017-0489/CVE-2017-14440/boo#1084257: + ILBM CMAP parsing code execution vulnerability + * TALOS-2017-0490/CVE-2017-14441/boo#1084282: + ICO pitch handling code execution vulnerability + * TALOS-2017-0491/CVE-2017-14442/boo#1084304: + Image palette population code execution vulnerability + * TALOS-2017-0497/CVE-2017-14448/boo#1084303: + load_xcf_tile_rle decompression code execution + * TALOS-2017-0498/CVE-2017-14449/boo#1084297: + do_layer_surface double free vulnerability + * TALOS-2017-0499/CVE-2017-14450/boo#1084288: + LWZ decompression buffer overflow vulnerability + +------------------------------------------------------------------- Old: ---- SDL2_image-2.0.2.tar.gz New: ---- SDL2_image-2.0.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SDL2_image.spec ++++++ --- /var/tmp/diff_new_pack.e0EUYx/_old 2018-03-13 10:23:46.938321235 +0100 +++ /var/tmp/diff_new_pack.e0EUYx/_new 2018-03-13 10:23:46.942321091 +0100 @@ -18,7 +18,7 @@ Name: SDL2_image %define lname libSDL2_image-2_0-0 -Version: 2.0.2 +Version: 2.0.3 Release: 0 Summary: SDL2 image loading library License: Zlib @@ -34,7 +34,7 @@ BuildRequires: pkg-config BuildRequires: pkgconfig(libpng) BuildRequires: pkgconfig(libwebp) -BuildRequires: pkgconfig(sdl2) >= 2.0.6 +BuildRequires: pkgconfig(sdl2) >= 2.0.8 BuildRoot: %{_tmppath}/%{name}-%{version}-build %description ++++++ SDL2_image-2.0.2.tar.gz -> SDL2_image-2.0.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/SDL2_image/SDL2_image-2.0.2.tar.gz /work/SRC/openSUSE:Factory/.SDL2_image.new/SDL2_image-2.0.3.tar.gz differ: char 5, line 1