On 12/16/2016 02:32 PM, Frank Cox wrote: > rpm -q --whatprovides /usr/lib64/libgme.so.0 > game-music-emu-0.6.0-5.el7.x86_64 > Like I said, I always reserve the right to be wrong. Debian has issued an update with a list of CVE's that are so new that they're not on mitre yet. Debian DSA-3735-1: https://security-tracker.debian.org/tracker/DSA-3735-1 This will be an EPEL update and not a CentOS one, as CentOS from media with no third-party repos does not have the affected library libgme. But a heads-up nonetheless, and a really good read if you are into how something like this (where this is Super NES audio chip (SPC700) assembly code) can cause a modern Linux distribution to be compromised. Silently, and in a drive-by-download fully automatic manner.