Bug#792420: zsnes: emulator escape vulnerability
Etienne Millon
me at emillon.org
Tue Jul 14 16:57:02 UTC 2015
* Paul Wise <pabs at debian.org> [150714 18:20]:
> According to this Youtube video and forum post, there are at least 3
> vulnerabilities in zsnes that allow ROMs to escape the zsnes
> emulator and execute arbitrary code on the host running zsnes. The
> known issues will be fixed in 1.52 but there may be more issues.
> This may or may not be related to the cppcheck warnings from bug
> #610313.
Thanks for the report.
While neither the exploit code nor a fix is out, I believe that the
best course of action is indeed to write a patch for #610313.
It may also be possible that due to hardening patches, this bug is not
exploitable in Debian.
--
Etienne Millon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20150714/62e14bbd/attachment.sig>
More information about the Pkg-games-devel
mailing list