[SECURITY] [DSA 4478-1] dosbox security update

2019-07-10 Thread Moritz Muehlenhoff 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4478-1   secur...@debian.org
https://www.debian.org/security/   Moritz Muehlenhoff
July 10, 2019 https://www.debian.org/security/faq
- -

Package: dosbox
CVE ID : CVE-2019-7165 CVE-2019-12594

Two vulnerabilities were discovered in the DOSBox emulator, which could
result in the execution of arbitrary code on the host running DOSBox
when running a malicious executable in the emulator.

For the oldstable distribution (stretch), these problems have been fixed
in version 0.74-4.2+deb9u2.

For the stable distribution (buster), these problems have been fixed in
version 0.74-2-3+deb10u1.

We recommend that you upgrade your dosbox packages.

For the detailed security status of dosbox please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dosbox

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0mSGAACgkQEMKTtsN8
TjbdGBAAgzcYW4ErXkblTmZzfKyy8Y8bQRnEPZQOCG7saYWPfBVASpfMJlqWXPoe
jN6iRIuODi15q2/80idthAoW15eUKocys7++f471zntnAlZZfrGH2opLirXUDrJc
k0QmO+C85dzBZr5CNdAlhfk3TOzS/0vkhWoLS6iOGvjiXvmhT1g9gOkj29uzNWjT
ynFLXsmom43nUXdm1wukjp1+iwkumeeUEiwvGVcNqZJINbebBgXB4CTRORjsV+3j
mn0VU83L6BYaOCnhrbSu0eoG/e5evT3leHC0CfRRRQXLehWOu113byJ61TE4oSq8
fjXA0B9JXkBSKkbvqUOpaocovrgGrMxmugZk9GzXQTpTqyA/TCz/i3raOwG0a7GN
LVGlAYnoX3t75G1lh+wie2hE+winrA/bvFhUOf2eVOdTnXTdoH2rFTXbYrrtya1K
FoGZI85Q0mVr/r5T9xwEBxspIXBIKa0n2bs/Zs+HwfYIMiabNWc2B2uXSr/I5Usd
pAD7eJ4XRZUlAEvJHNHr9QuHt1PPwYAuaqyA+h6Nh2MeQRDPu4hbJ+l3l7HPZ24n
AFKl1zYnK3qf7wRQE34CnBsflrEaR0S2Hw0FOMW9MRgbfpUc4gFAtwM/y3GRidu2
Xg4uOBkUQecSTUbENQfAfUNqo0bJN26VQuNbX2rSB/ZtKCX/gbc=
=3WS8
-END PGP SIGNATURE-

Bug#931785: release-notes: bullseye: security suite renamed to bullseye-security (from buster/updates)

2019-07-10 Thread Ansgar Burchardt 
Package: release-notes
Severity: normal

For bullseye, the security suite is now named bullseye-security
instead of buster/updates and users should adapt their sources.list
accordingly when upgrading.

People should probably use something like

  deb http://security.debian.org/debian-security bullseye-security main

(adding /debian-security was proposed in [1]).

See [2][3][4] for some more information.

I should probably also sent a mail to d-d-a@ or so about this in the
near future...

Ansgar

  [1] https://lists.debian.org/debian-devel/2015/12/msg00333.html
  [2] https://bugs.debian.org/614204
  [3] https://lists.debian.org/debian-devel/2015/12/msg00254.html
  [4] https://lists.debian.org/debian-security/2019/06/msg00015.html

External check

2019-07-10 Thread Security Tracker 
CVE-2019-10176: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.