[Git][security-tracker-team/security-tracker][master] Fill in details of the CVE IDs assigned for sgt-puzzles

[Ben Hutchings (@benh)]

Ben Hutchings pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd21b526 by Ben Hutchings at 2023-04-24T00:39:48+02:00
Fill in details of the CVE IDs assigned for sgt-puzzles

7 CVE IDs have been assigned, but not published, for issues covered by
Debian bug #1028986.  Use my own summaries for these.

No CVE IDs were requested for the issues covered by Debian
bug #1034190.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19774,24 +19774,38 @@ CVE-2023-24293
        RESERVED
 CVE-2023-24292
        RESERVED
-CVE-2023-24291
-       RESERVED
+CVE-2023-24291 (A crafted save file can cause a buffer overrun in Simon 
Tatham's Portable Puzzle Collection)
+       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+       [buster] - sgt-puzzles <no-dsa> (Minor issue)
 CVE-2023-24290
        RESERVED
 CVE-2023-24289
        RESERVED
-CVE-2023-24288
-       RESERVED
-CVE-2023-24287
-       RESERVED
-CVE-2023-24286
-       RESERVED
-CVE-2023-24285
-       RESERVED
-CVE-2023-24284
-       RESERVED
-CVE-2023-24283
-       RESERVED
+CVE-2023-24288 (A crafted save file can cause a buffer overrun in Simon 
Tatham's Portable Puzzle Collection)
+       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+       [buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24287 (A crafted save file can cause a buffer overrun in the Undead 
puzzle)
+       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+       [buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24286 (A crafted save file can cause a buffer overrun in the Mosaic 
puzzle)
+       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+       [bullseye] - sgt-puzzles <not-affected> (Vulnerable code introduced 
later)
+       [buster] - sgt-puzzles <not-affected> (Vulnerable code introduced later)
+CVE-2023-24285 (A crafted save file can cause a buffer overrun in the Netslide 
puzzle)
+       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+       [buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24284 (A crafted save file can cause a buffer overrun in the Guess 
puzzle)
+       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+       [buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24283 (A crafted save file can cause a buffer overrun in the Guess 
puzzle)
+       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+       [buster] - sgt-puzzles <no-dsa> (Minor issue)
 CVE-2023-24282 (An arbitrary file upload vulnerability in Poly Trio 8800 
7.2.2.1094 al ...)
        NOT-FOR-US: Poly Trio 8800
 CVE-2023-24281
@@ -21761,15 +21775,6 @@ CVE-2023-0307 (Weak Password Requirements in GitHub 
repository thorsten/phpmyfaq
        NOT-FOR-US: phpmyfaq
 CVE-2023-0306 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
        NOT-FOR-US: phpmyfaq
-CVE-2023-XXXX [More security bugs in game loading]
-       [experimental] - sgt-puzzles 20230410.71cf891-1
-       - sgt-puzzles 20230122.806ae71-2 (bug #1034190)
-       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
-       [buster] - sgt-puzzles <no-dsa> (Minor issue)
-CVE-2023-XXXX [Multiple integer overflow and buffer overflow issues in game 
loading]
-       - sgt-puzzles 20230122.806ae71-1 (bug #1028986)
-       [bullseye] - sgt-puzzles <no-dsa> (Minor issue)
-       [buster] - sgt-puzzles <no-dsa> (Minor issue)
 CVE-2023-0305 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
        NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2023-0304 (A vulnerability classified as critical has been found in 
SourceCodeste ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd21b526efa1d9023cdaf587f5f41123f8e2e1a6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd21b526efa1d9023cdaf587f5f41123f8e2e1a6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits