Source: tuxguitar Version: 1.2-25 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/tuxguitar/bugs/126/ Control: found -1 1.2-23 Control: found -1 1.2-22
Hi, The following vulnerability was published for tuxguitar. CVE-2020-14940[0]: | An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar | 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading | GP6 (.gpx) and GP7 (.gp) tablature files. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-14940 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14940 [1] https://sourceforge.net/p/tuxguitar/bugs/126/ [2] https://logicaltrust.net/blog/2020/06/tuxguitar.html Regards, Salvatore
