CVE-2023-24286

Name	CVE-2023-24286
Description	A crafted save file can cause a buffer overrun in the Mosaic puzzle
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1028986

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
sgt-puzzles (PTS)	buster	20170606.272beef-1	fixed
	bullseye	20191231.79a5378-3+deb11u1	fixed
	bookworm	20230122.806ae71-2	fixed
	sid, trixie	20230410.71cf891-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
sgt-puzzles	source	buster	(not affected)
sgt-puzzles	source	bullseye	(not affected)
sgt-puzzles	source	(unstable)	20230122.806ae71-1	1028986

[bullseye] - sgt-puzzles <not-affected> (Vulnerable code introduced later)
[buster] - sgt-puzzles <not-affected> (Vulnerable code introduced later)