Version in base suite: 1.2.4-1
Version in overlay suite: 1.2.4-1etch1
Base version: sdl-image1.2_1.2.4-1
Target version: sdl-image1.2_1.2.4-1etch1
Base file: /org/ftp.debian.org/ftp/pool/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1.dsc
Target file: /org/ftp.debian.org/ftp/pool/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1etch1.dsc
diff -u sdl-image1.2-1.2.4/debian/changelog sdl-image1.2-1.2.4/debian/changelog
--- sdl-image1.2-1.2.4/debian/changelog
+++ sdl-image1.2-1.2.4/debian/changelog
@@ -1,3 +1,10 @@
+sdl-image1.2 (1.2.4-1etch1) oldstable-security; urgency=high
+
+ * CVE-2007-6697: Fix buffer overflow in GIF handling.
+ * CVE-2008-0544: Fix heap based buffer overflow in IMG_LoadLBM_RW.
+
+ -- Michael Koch Wed, 06 Feb 2008 08:12:29 +0100
+
 sdl-image1.2 (1.2.4-1) unstable; urgency=low
 * New upstream release
only in patch2:
unchanged:
--- sdl-image1.2-1.2.4.orig/IMG_gif.c
+++ sdl-image1.2-1.2.4/IMG_gif.c
@@ -406,6 +406,10 @@
 static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
 register int i;
+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
+ if (input_code_size > MAX_LWZ_BITS)
+ return -1;
+
 if (flag) {
 set_code_size = input_code_size;
 code_size = set_code_size + 1;
only in patch2:
unchanged:
--- sdl-image1.2-1.2.4.orig/IMG_lbm.c
+++ sdl-image1.2-1.2.4/IMG_lbm.c
@@ -321,7 +321,7 @@
 count ^= 0xFF;
 count += 2; /* now it */
- if ( !SDL_RWread( src, &color, 1, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
 {
 error="error reading BODY chunk";
 goto done;
@@ -332,7 +332,7 @@
 {
 ++count;
- if ( !SDL_RWread( src, ptr, count, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
 {
 error="error reading BODY chunk";
 goto done;
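Review bot: The new guard `if (input_code_size > MAX_LWZ_BITS)` in IMG_gif.c still accepts a value equal to MAX_LWZ_BITS, and the context lines right below set `code_size = set_code_size + 1`, so the decoder can be asked for codes one bit wider than the `1 << MAX_LWZ_BITS` sizing visible on `stack`. Whether such a code can index past the decoder's tables depends on the decode loop, which lies outside this hunk, so that needs confirming there; if it can, the boundary should be one lower, `if (input_code_size >= MAX_LWZ_BITS) return -1;`. The comment above the check credits the reporter but does not state the invariant, and something like `/* code_size = input_code_size + 1 must stay within MAX_LWZ_BITS */` would tell a maintainer why the test exists. The enclosing function starts and ends outside the hunk.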
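Review bot: The added `count > remainingbytes` test in the run branch of IMG_lbm.c, and the identical one in the literal-copy branch of the following hunk, shares the `error="error reading BODY chunk"` path with a failed SDL_RWread, so a file carrying an oversized run length is reported as a read error and cannot be told apart from a truncated file during triage. Testing the length on its own would keep the two cases distinct, for example `if ( count > remainingbytes ) { error="invalid run length in BODY chunk"; goto done; }` ahead of the read. The guard is only as strong as the relation between `remainingbytes` and the space left at `ptr`, and both of those, along with the declared types of `count` and `remainingbytes`, are set outside these hunks, so the buffer sizing and the signedness of the comparison should be checked there. A short comment such as `/* a run must not extend past the bytes left in the current line */` at each check would record the intent, presuming that is what `remainingbytes` tracks.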