CVE Request: teeworlds: possible remote code execution on teeworlds client

[Salvatore Bonaccorso <carnil () debian org>]

Hi

teeworlds, a online multi-player platform 2D shooter, released a new
upstream version 0.6.4 stating the following in the news:

> 0.6.4 released - another security fix
> (posted by: heinrich5991) | 2016-11-13
> As with the 0.6.3 release, a reported security vulnerability motivated
> this release: This time, the security vulnerability is worse, attacker
> controlled memory-writes and possibly arbitrary code execution on the
> client, abusable by any server the client joins.

https://www.teeworlds.com/?page=news&id=12086

Upstream fix:
https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62

Bug report in Debian: https://bugs.debian.org/844546

Could you assign a CVE for this issue?

Regards,
Salvatore