Your message dated Thu, 18 Jul 2019 19:19:17 +0000
with message-id <e1hobvx-0003qd...@fasolo.debian.org>
and subject line Bug#931222: fixed in dosbox 0.74-3-1
has caused the Debian Bug report #931222,
regarding dosbox: CVE-2019-7165 CVE-2019-12594
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931222: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931222
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dosbox
Version: 0.74-2-3
Severity: important
Tags: security upstream
Control: found -1 0.74-4.2+deb9u1
Control: found -1 0.74-4

Hi,

The following vulnerabilities were published for dosbox.

> From https://www.dosbox.com/news.php?show_news=1
> 
> DOSBox 0.74-3 has been released!
> 
> A security release for DOSBox 0.74:
> 
>     Fixed that a very long line inside a bat file would overflow the
>     parsing buffer. (CVE-2019-7165 by Alexandre Bartel)
>
>     Added a basic permission system so that a program running inside
>     DOSBox can't access the contents of /proc (e.g. /proc/self/mem)
>     when / or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre
>     Bartel)
>
>     Several other fixes for out of bounds access and buffer overflows.
>
>     Some fixes to the OpenGL rendering.
> 
> 
> The game compatibility should be identical to 0.74 and 0.74-2.
> It's recommended to use config -securemode when dealing with
> untrusted files.
> 
> 
> Ideally, 0.75 should have been released by now, but some bugs took a
> lot longer than expected.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-7165
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7165
[1] https://security-tracker.debian.org/tracker/CVE-2019-12594
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12594

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: dosbox
Source-Version: 0.74-3-1

We believe that the bug you reported is fixed in the latest version of
dosbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Kitt <sk...@debian.org> (supplier of updated dosbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Jul 2019 20:55:50 +0200
Source: dosbox
Architecture: source
Version: 0.74-3-1
Distribution: unstable
Urgency: medium
Maintainer: Stephen Kitt <sk...@debian.org>
Changed-By: Stephen Kitt <sk...@debian.org>
Closes: 931222
Changes:
 dosbox (0.74-3-1) unstable; urgency=medium
 .
   * New upstream release, including security fixes:
     - CVE-2019-7165: long lines in batch files would overflow the parsing
       buffer;
     - CVE-2019-12594: programs running inside DOSBox could access /proc.
     Closes: #931222.
   * Switch to debhelper compatibility level 12.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
