[Git][security-tracker-team/security-tracker][master] Add CVE-2026-39199/libretro-snes9x

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a5463a8 by Salvatore Bonaccorso at 2026-06-21T09:44:25+02:00
Add CVE-2026-39199/libretro-snes9x

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1385,7 +1385,11 @@ CVE-2026-39445 (Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
 CVE-2026-39442 (Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39199 (snes9x 1.63 allows an out-of-bounds write and denial of service via a  ...)
-	TODO: check
+	- libretro-snes9x <unfixed>
+	[trixie] - libretro-snes9x <no-dsa> (non-free not supported)
+	NOTE: https://karansaini.com/snes9x-oob-write/
+	NOTE: https://github.com/snes9xgit/snes9x/issues/1035
+	NOTE: https://github.com/snes9xgit/snes9x/commit/96b366100172723f6314c40e237b370f4f7b59f4
 CVE-2026-36418 (JimuReport versions 2.3.4 and below are vulnerable to remote code exec ...)
 	NOT-FOR-US: JimuReport
 CVE-2026-35162 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a5463a874ee2599b200aa64c593bb3930224d38

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a5463a874ee2599b200aa64c593bb3930224d38
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260621/ea3c541f/attachment.htm>