[SECURITY] [DLA 1845-1] dosbox security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1845-1] dosbox security update
From: Markus Koschany <apo@debian.org>
Date: Sun, 7 Jul 2019 19:23:40 +0200
Message-id: <[🔎] b0e2a754-6ebc-682c-f5e9-b9d6d666133c@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : dosbox
Version        : 0.74-4+deb8u1
CVE ID         : CVE-2019-7165 CVE-2019-12594
Debian Bug     : 931222

Several security vulnerabilities were discovered in DOSBox, an
emulator for running old DOS programs.

CVE-2019-7165

    A very long line inside a bat file would overflow the parsing buffer
    which could be used by an attacker to execute arbitrary code.

CVE-2019-12594

    Insufficient access controls inside DOSBox allowed attackers to
    access resources on the host system and execute arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
0.74-4+deb8u1.

We recommend that you upgrade your dosbox packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0iKpxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSw8xAArN6x1ZnwUK09AW5jb+sqZ2zj46vOsIHJeL/TQ/y9w3cadB9n2OAZZnKY
1V64tJ7IXkEQ8iWMLJvUhCU7UWY81MGdz+cYeswuhiNXpM+qnhtwYyThBkbEbE33
/V8uXB4z2NALEEf0aTJbA72ykkWCcBt4q9QE2noZUAILhXp82VuSZafa/EHpzwhG
lAwZ+QYbLfHREgI4r1uVCJ6tcT/cRoGVkCyrlsQ+CH0DLkohK1FVkSiomqeu3vPy
X0vHut9z3Z3IYQHC8OVtbGABdI2TnZiGhTvbqpEc6r+yyITnU+LSoBQ5dkgZlSsT
lkW7FZ/J1UTKCtsyU5gBLg0oYOV0rAWNwM8nVkaNmTav0Rc2S+NOOncdHfhbSd5R
EZljxs7DhkgnfUP4rY/9pcL6IuYmMxX0fhW9C6pvQIREnSnVDTOb0EZLJYAUWUB2
NQCWGZP18QP76O0QjKCXrpjJEffYS335D/jsGkGO2dEznMZoijHpFwAck48HFAjd
SyLXTe3wq4zLsVoSuGqISebOmTXW1yhbopBHy64beiQvvxJrTeU7nYNQh/BGIPRO
BDhMG/++wixGgAE4XYjki7lza41KjQnLITMV6ZDIJ+ZAVRyW+p6Al7MAN39GBgjH
ajkJjixmSiM6OgvL7lpAtWustMkhuRWeHcmLfrs1Xl6/+U9jbX8=
=eQEO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1844-1] lemonldap-ng security update
Next by Date: [SECURITY] [DLA 1846-1] unzip security update
Previous by thread: [SECURITY] [DLA 1844-1] lemonldap-ng security update
Next by thread: [SECURITY] [DLA 1846-1] unzip security update
Index(es):
- Date
- Thread