DOSBox 0.74-3 has been released on June 26: https://www.dosbox.com/ It fixes several security issues. Mageia 6 is also affected.
Whiteboard: (none) => MGA7TOO, MGA6TOOStatus comment: (none) => Fixed upstream in 0.74-3
I think this is for you, José.
Assignee: bugsquad => lists.jjorgeCC: (none) => lewyssmith
Waiting for MGA7 release to push to testing. Pushed to MGA6.
Update in testing for MGA6. Suggested advisory: Dosbox 0.74-3 is a security release: * Fixed that a very long line inside a bat file would overflow the parsing buffer. (CVE-2019-7165 by Alexandre Bartel) * Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre Bartel) It also brings several other fixes for out of bounds access and buffer overflows, and some fixes to the OpenGL rendering. The game compatibility should be identical to 0.74 and 0.74-2. It's recommended to use config -securemode when dealing with untrusted files. Only one RPM and SRPM : dosbox-0.74.3-1.mga6.*.*rpm
Assignee: lists.jjorge => qa-bugsStatus: NEW => ASSIGNED
CC: (none) => lists.jjorge
Submitted to Cauldron and MGA7, changing whiteboard accordingly
Version: Cauldron => 7Whiteboard: MGA7TOO, MGA6TOO => MGA6TOO
CC: lewyssmith => (none)
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. At CLI: $ dosbox Locale detected: nl Locale file to use: dosbox-0.74-nl.lng DOSBox version 0.74-3 Copyright 2002-2019 DOSBox Team, published under GNU GPL. --- CONFIG: Generating default configuration. Writing it to /home/tester6/.dosbox/dosbox-0.74-3.conf CONFIG:Loading primary settings from config file /home/tester6/.dosbox/dosbox-0.74-3.conf MIXER:Got different values from SDL: freq 44100, blocksize 512 ALSA:Can't subscribe to MIDI port (65:0) nor (17:0) MIDI:Opened device:none I could exercize some DOS commands dir, cd, info, config. So basically works OK.
Whiteboard: MGA6TOO => MGA6TOO, MGA6-32-OKCC: (none) => herman.viaene
Same exercize for MGA7, OK for me.
Whiteboard: MGA6TOO, MGA6-32-OK => MGA6TOO, MGA6-32-OK, MGA7-32-OK
Whiteboard: MGA6TOO, MGA6-32-OK, MGA7-32-OK => MGA6TOO MGA6-32-OK MGA7-32-OK
Advisory uploaded, validating.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0205.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
Debian advisory from July 10, for reference: https://www.debian.org/security/2019/dsa-4478