|
From: | GNU bug Tracking System |
Subject: | bug#47729: closed (CVE-2021-30184 Arbitrary code execution in GNU Chess [security]) |
Date: | Mon, 10 May 2021 19:50:01 +0000 |
Your message dated Mon, 10 May 2021 21:48:55 +0200 with message-id <06d2c07658acf6d550921288a630a0bb9f32dfd2.camel@telenet.be> and subject line Fixed: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] has caused the debbugs.gnu.org bug report #47729, regarding CVE-2021-30184 Arbitrary code execution in GNU Chess [security] to be marked as done. (If you believe you have received this mail in error, please contact help-debbugs@gnu.org.) -- 47729: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=47729 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems
--- Begin Message ---Subject: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] Date: Mon, 12 Apr 2021 17:44:24 +0200 User-agent: Evolution 3.34.2 From https://nvd.nist.gov/vuln/detail/CVE-2021-30184: GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. Upstream bug report and patch: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html Upstream is aware of this issue and patch. The patch is being reviewed upstream: Response by Antonio Ceballos (<https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html>) ‘We will review it all in detail for a future release fixing the problem.’ I believe we should simply wait for upstream to make a release.signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---Subject: Fixed: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] Date: Mon, 10 May 2021 21:48:55 +0200 User-agent: Evolution 3.34.2 Fixed with https://git.savannah.gnu.org/cgit/guix.git/commit/?id=9a11f2380ff49756ace2f33bc96a88cdb6af5453.
--- End Message ---
[Prev in Thread] | Current Thread | [Next in Thread] |