We've released security updates to address this issue for all supported Ubuntu releases:
https://launchpad.net/ubuntu/+source/game-music-emu/0.6.0-3ubuntu0.16.10.1 https://launchpad.net/ubuntu/+source/game-music-emu/0.6.0-3ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/game-music-emu/0.5.5-2ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/game-music-emu/0.5.5-2ubuntu0.12.04.1 Please make sure that you've applied all security updates. Thanks! ** Information type changed from Private Security to Public Security ** Also affects: game-music-emu (Ubuntu) Importance: Undecided Status: New ** Changed in: gst-plugins-bad1.0 (Ubuntu) Status: New => Invalid ** Changed in: totem (Ubuntu) Status: New => Invalid ** Changed in: game-music-emu (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gst-plugins-bad1.0 in Ubuntu. https://bugs.launchpad.net/bugs/1650523 Title: Plugin "SNES-SPC700 Sound File Data decoder" in gstreamer1.0-plugins- bad may have security vulnerability Status in game-music-emu package in Ubuntu: Fix Released Status in gst-plugins-bad1.0 package in Ubuntu: Invalid Status in totem package in Ubuntu: Invalid Bug description: Steps: 1. Ubuntu 16.04.1 LTS 2. Trying to play xcalc_ubuntu_16.04_libc_2.23-0ubuntu3.spc file from this blog post ( https://scarybeastsecurity.blogspot.ru/2016/12/redux-compromising-linux-using-snes.html ) and this video ( https://www.youtube.com/watch?v=wrCLoem6ggM ). 3. Totem found required plugin for playing "SNES-SPC700 Sound File Data decoder" which is in gstreamer1.0-plugins-bad. 4. xcalc does not launched on music play or by Nautilus launch. Ubuntu security team, please read blog post (see above link) and confirm (and fix) or refute zero-day vulnerability. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: gstreamer1.0-plugins-bad 1.8.2-1ubuntu0.2 ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13 Uname: Linux 4.4.0-31-generic i686 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: i386 CasperVersion: 1.376 CurrentDesktop: Unity Date: Fri Dec 16 12:03:27 2016 LiveMediaBuild: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release i386 (20160719) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gst-plugins-bad1.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/game-music-emu/+bug/1650523/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
