http://bugzilla.opensuse.org/show_bug.cgi?id=1015941 Bug ID: 1015941 Summary: VUL-0: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- References:[1] http://seclists.org/oss-sec/2016/q4/682 ========================================================= [1]: Hi As reported by Chris Evans via http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using... Incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Debian released a DSA for this issue (in the qemu-music-emu source package): https://lists.debian.org/debian-security-announce/2016/msg00318.html Could you please assign a CVE for this issue. Regards, Salvatore ========================================================= [2] Vuln Description with Patch: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using... Assigned CVEs: [3] http://seclists.org/oss-sec/2016/q4/692 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 -- You are receiving this mail because: You are on the CC list for the bug.