MGASA-2019-0239

Source
https://advisories.mageia.org/MGASA-2019-0239.html
Import Source
https://advisories.mageia.org/MGASA-2019-0239.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2019-0239
Related
Published
2019-09-06T21:09:08Z
Modified
2019-09-06T18:58:37Z
Summary
Updated sdl2 packages fix security vulnerabilities
Details

This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.

  • Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)
  • Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)
  • Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM) (rhbz#1676752, rhbz#1676756)
  • Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)
  • Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)
  • Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)
  • Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)
  • Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel colors outside the palette) (rhbz#1677159)
  • Fix CVE-2019-7636, CVE-2019-7638 (buffer overflows when processing BMP images with too high a number of colors) (rhbz#1677144, rhbz#1677157)
  • Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (rhbz#1677152)
  • Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)
  • Fix CVE-2010-13616 (heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c)

The 2.0.10 release also provides various features and bug fixes.

References
Credits

Affected packages