Bug 603092 - <media-libs/game-music-emu-0.6.1: Multiple issues due to incorrect emulation of the SPC700 audio co-processor of SNES
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa cve]
Keywords:
Duplicates: 611040
Depends on:
Blocks: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961
Reported: 2016-12-19 13:38 UTC by Agostino Sarubbo
Modified: 2017-07-08 12:32 UTC

See Also:
Package list:
=media-libs/game-music-emu-0.6.1
Runtime testing required: ---
stable-bot: sanity-check+

Description Agostino Sarubbo gentoo-dev 2016-12-19 13:38:07 UTC
From ${URL} :

Incorrect emulation of the SPC700 audio co-processor of the Super
Nintendo Entertainment System allows the execution of arbitrary code
if a malformed SPC music file is opened.

References:

http://scarybeastsecurity.blogspot.cz/2016/12/redux-compromising-linux-using-snes.html
http://seclists.org/oss-sec/2016/q4/682

CVE assignments:

http://seclists.org/oss-sec/2016/q4/692


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-01-09 00:04:07 UTC
@ Maintainer(s): Please bump to >=media-libs/game-music-emu-0.6.1
Comment 2 Alexis Ballier gentoo-dev 2017-02-27 09:36:32 UTC
*** Bug 611040 has been marked as a duplicate of this bug. ***
Comment 3 Alexis Ballier gentoo-dev 2017-02-27 09:39:23 UTC
commit 146d393d3bea760ce75f424897db6798310eed2b
Author: Alexis Ballier <aballier@gentoo.org>
Date:   Mon Feb 27 10:38:45 2017 +0100

    media-libs/game-music-emu: Bump to 0.6.1, bug #603092


I think it can go stable
Comment 4 Tobias Klausmann gentoo-dev 2017-02-28 11:24:31 UTC
Stable on alpha.
Comment 5 Markus Meier gentoo-dev 2017-02-28 17:30:54 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-03-02 10:30:42 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-03-02 10:48:18 UTC
x86 stable
Comment 8 Jeroen Roovers gentoo-dev 2017-03-05 12:35:43 UTC
Stable for HPPA PPC64.
Comment 9 Michael Weber (RETIRED) gentoo-dev 2017-03-08 22:12:53 UTC
ppc stable, last arch.
Comment 10 Yury German Gentoo Infrastructure gentoo-dev Security 2017-03-24 05:27:07 UTC
Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 11 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-11 05:41:42 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 12 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-30 12:33:18 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 13 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-27 01:04:10 UTC
Arches and Maintainer(s), Thank you for your work.
Comment 14 Thomas Deutschmann gentoo-dev Security 2017-06-03 14:51:30 UTC
Freeing aliases for tracker bug usage.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2017-07-08 12:32:37 UTC
This issue was resolved and addressed in
 GLSA 201707-02 at https://security.gentoo.org/glsa/201707-02
by GLSA coordinator Thomas Deutschmann (whissi).