Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Further information can be found at

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3735-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                       Moritz Muehlenhoff
December 15, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : game-music-emu
CVE ID         : not yet available

Chris Evans discovered that incorrect emulation of the SPC700 audio
co-processor of the Super Nintendo Entertainment System allows the
execution of arbitrary code if a malformed SPC music file is opened.
Further information can be found at
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

For the stable distribution (jessie), this problem has been fixed in
version 0.5.5-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 0.6.0-4.

We recommend that you upgrade your game-music-emu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.