bug#47729: closed (CVE-2021-30184 Arbitrary code execution in GNU Chess [security])

[GNU bug Tracking System]

Your message dated Mon, 10 May 2021 21:48:55 +0200
with message-id <06d2c07658acf6d550921288a630a0bb9f32dfd2.camel@telenet.be>
and subject line Fixed: CVE-2021-30184 Arbitrary code execution in GNU Chess 
[security]
has caused the debbugs.gnu.org bug report #47729,
regarding CVE-2021-30184 Arbitrary code execution in GNU Chess [security]
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
47729: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=47729
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

--- Begin Message --- Subject: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] Date: Mon, 12 Apr 2021 17:44:24 +0200 User-agent: Evolution 3.34.2

From https://nvd.nist.gov/vuln/detail/CVE-2021-30184:

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN
(Portable Game Notation) data. This is related to a buffer overflow in the use
of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in
frontend/cmd.cc.

Upstream bug report and patch:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html

Upstream is aware of this issue and patch.  The patch is being reviewed 
upstream:

Response by Antonio Ceballos 
(<https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html>)
‘We will review it all in detail for a future release fixing the problem.’

I believe we should simply wait for upstream to make a release.

signature.asc
Description: This is a digitally signed message part

--- End Message ---

> --- Begin Message ---
>
>
>
> Subject: 
>
> Fixed: CVE-2021-30184 Arbitrary code execution in GNU Chess [security]
>
>
>
>
> Date: 
>
> Mon, 10 May 2021 21:48:55 +0200
>
>
>
>
> User-agent: 
>
> Evolution 3.34.2 
>
>
>
>
> Fixed with 
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=9a11f2380ff49756ace2f33bc96a88cdb6af5453.
>
>
>
>
> --- End Message ---