- marked as bug
Update 3rd Party binaries
Issue #5521
new
Just wanted to note that LaunchBox 11.2 contains older versions of a few third party apps which contain known vulnerabilities:
- Cygwin 1.7.30 (\ThirdParty\CDRDAO\cygwin1.dll) See CVE-2016-3067 & CVE-2017-7523.
- VLC 3.0.6 (ThirdParty\VLC\x64\vlc.exe and \ThirdParty\VLC\x86\vlc.exe) See CVE-2019-5439, CVE-2019-5459, CVE-2019-5460, CVE-2019-12874, CVE-2019-13602 & CVE-2019-13962.
-
DOSBox 0.74-0 (ThirdParty\DOSBox) Per the changelog:
DOSBox 0.74-3 has been released!
A security release for DOSBox 0.74:
Fixed that a very long line inside a bat file would overflow the parsing buffer. (CVE-2019-7165 by Alexandre Bartel) Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre Bartel) Several other fixes for out of bounds access and buffer overflows. Some fixes to the OpenGL rendering.
Comments (1)
-
reporter - Log in to comment