[Git][security-tracker-team/security-tracker][master] Fill in details of the CVE IDs assigned for sgt-puzzles

Ben Hutchings (@benh) gitlab at salsa.debian.org
Sun Apr 23 23:43:31 BST 2023 


Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd21b526 by Ben Hutchings at 2023-04-24T00:39:48+02:00
Fill in details of the CVE IDs assigned for sgt-puzzles

7 CVE IDs have been assigned, but not published, for issues covered by
Debian bug #1028986.  Use my own summaries for these.

No CVE IDs were requested for the issues covered by Debian
bug #1034190.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19774,24 +19774,38 @@ CVE-2023-24293
 	RESERVED
 CVE-2023-24292
 	RESERVED
-CVE-2023-24291
-	RESERVED
+CVE-2023-24291 (A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection)
+	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+	[buster] - sgt-puzzles <no-dsa> (Minor issue)
 CVE-2023-24290
 	RESERVED
 CVE-2023-24289
 	RESERVED
-CVE-2023-24288
-	RESERVED
-CVE-2023-24287
-	RESERVED
-CVE-2023-24286
-	RESERVED
-CVE-2023-24285
-	RESERVED
-CVE-2023-24284
-	RESERVED
-CVE-2023-24283
-	RESERVED
+CVE-2023-24288 (A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection)
+	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+	[buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24287 (A crafted save file can cause a buffer overrun in the Undead puzzle)
+	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+	[buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24286 (A crafted save file can cause a buffer overrun in the Mosaic puzzle)
+	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+	[bullseye] - sgt-puzzles <not-affected> (Vulnerable code introduced later)
+	[buster] - sgt-puzzles <not-affected> (Vulnerable code introduced later)
+CVE-2023-24285 (A crafted save file can cause a buffer overrun in the Netslide puzzle)
+	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+	[buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24284 (A crafted save file can cause a buffer overrun in the Guess puzzle)
+	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+	[buster] - sgt-puzzles <no-dsa> (Minor issue)
+CVE-2023-24283 (A crafted save file can cause a buffer overrun in the Guess puzzle)
+	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
+	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
+	[buster] - sgt-puzzles <no-dsa> (Minor issue)
 CVE-2023-24282 (An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 al ...)
 	NOT-FOR-US: Poly Trio 8800
 CVE-2023-24281
@@ -21761,15 +21775,6 @@ CVE-2023-0307 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq
 	NOT-FOR-US: phpmyfaq
 CVE-2023-0306 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
 	NOT-FOR-US: phpmyfaq
-CVE-2023-XXXX [More security bugs in game loading]
-	[experimental] - sgt-puzzles 20230410.71cf891-1
-	- sgt-puzzles 20230122.806ae71-2 (bug #1034190)
-	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
-	[buster] - sgt-puzzles <no-dsa> (Minor issue)
-CVE-2023-XXXX [Multiple integer overflow and buffer overflow issues in game loading]
-	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
-	[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
-	[buster] - sgt-puzzles <no-dsa> (Minor issue)
 CVE-2023-0305 (A vulnerability classified as critical was found in SourceCodester Onl ...)
 	NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2023-0304 (A vulnerability classified as critical has been found in SourceCodeste ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd21b526efa1d9023cdaf587f5f41123f8e2e1a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd21b526efa1d9023cdaf587f5f41123f8e2e1a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230423/a2ab2ae6/attachment.htm>

More information about the debian-security-tracker-commits mailing list