the old sdl 1.2.15 needs updating to 1.2.16

I'm not sure how many packages actually use the old 1.2.x sdl instead of the current 2.x sdl2 package, but the [1.2.15 tarball nixpkgs is pulling](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/SDL/default.nix) is 9 years behind upstream rolling release 1.2.16 and is missing multiple backported fixes, including CVE-related patches: https://github.com/libsdl-org/SDL-1.2/blob/main/WhatsNew

The CVEs:

```
- Audio, wav loader: security fixes for ADPCM decoding (CVE-2019-7572,
  CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576,
  CVE-2019-7577, CVE-2019-7578 -- bugs 4490, 4491, 4492, 4493, 4494,
  4495, 4496, and 4522.)
```

```
- Video, bmp loader:  security fixes for CVE-2019-7635, CVE-2019-7636,
  CVE-2019-7638, CVE-2019-13616 (bugs 4498, 4499, 4500, 4517 and 4538.)
```

```
- Video: fix integer overflow in SDL_CalculatePitch (CVE-2019-7637,
  bug 4497.)
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

the old sdl 1.2.15 needs updating to 1.2.16 #177997

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

the old sdl 1.2.15 needs updating to 1.2.16 #177997

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions