Bug#963626: tuxguitar: CVE-2020-14940
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 24 20:12:18 BST 2020
Source: tuxguitar
Version: 1.2-25
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/tuxguitar/bugs/126/
Control: found -1 1.2-23
Control: found -1 1.2-22
Hi,
The following vulnerability was published for tuxguitar.
CVE-2020-14940[0]:
| An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar
| 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading
| GP6 (.gpx) and GP7 (.gp) tablature files.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-14940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14940
[1] https://sourceforge.net/p/tuxguitar/bugs/126/
[2] https://logicaltrust.net/blog/2020/06/tuxguitar.html
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list