Source: dosbox
Version: 0.74-2-3
Severity: important
Tags: security upstream
Control: found -1 0.74-4.2+deb9u1
Control: found -1 0.74-4

Hi,

The following vulnerabilities were published for dosbox.

> From https://www.dosbox.com/news.php?show_news=1
>
> DOSBox 0.74-3 has been released!
>
> A security release for DOSBox 0.74:
>
> Fixed that a very long line inside a bat file would overflow the
> parsing buffer. (CVE-2019-7165 by Alexandre Bartel)
> Added a basic permission system so that a program running inside
> DOSBox can't access the contents of /proc (e.g. /proc/self/mem)
> when / or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre
> Bartel)
> Several other fixes for out of bounds access and buffer overflows.
> Some fixes to the OpenGL rendering.
>
>
> The game compatibility should be identical to 0.74 and 0.74-2.
> It's recommended to use config -securemode when dealing with
> untrusted files.
>
>
> Ideally, 0.75 should have been released by now, but some bugs took a
> lot longer than expected.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-7165
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7165
[1] https://security-tracker.debian.org/tracker/CVE-2019-12594
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12594

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore