Bug 599730 (CVE-2015-8972) - <games-board/gnuchess-6.2.4 user input buffer overflow
Summary: <games-board/gnuchess-6.2.4 user input buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2015-8972
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 601976
Blocks:
Reported: 2016-11-14 20:06 UTC by Sebastian Pipping
Modified: 2017-01-21 23:36 UTC

See Also:
Package list:
=games-board/gnuchess-6.2.4
Runtime testing required: ---
stable-bot: sanity-check+


Description Sebastian Pipping gentoo-dev 2016-11-14 20:06:43 UTC
As it got assigned a CVE, maybe getting games-board/gnuchess-6.2.4 with the fix stabilized would be a good idea.  Thanks!
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-11-15 09:59:36 UTC
@maintainer(s), package is already in the tree.  Please let us know if you are ready to stabilize.
Comment 2 Sebastian Pipping gentoo-dev 2016-11-15 19:12:20 UTC
I did the last three bumps.  No concerns about stabilization with me.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-11-17 06:42:05 UTC
@arches, please stabilize:

=games-board/gnuchess-6.2.4
Comment 4 Agostino Sarubbo gentoo-dev 2016-11-17 12:43:48 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-11-17 12:44:48 UTC
x86 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2016-11-18 06:31:41 UTC
Stable for PPC64.
Comment 7 Agostino Sarubbo gentoo-dev 2017-01-15 16:03:30 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 8 Sebastian Pipping gentoo-dev 2017-01-15 17:14:46 UTC
commit 408857fbcb4c1cd2f2ed9695893cf3133784e60e
Author: Sebastian Pipping <sping@g.o>
Date:   Sun Jan 15 18:06:32 2017 +0100

    games-board/gnuchess: Remove vulnerable (bug #599730)
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1

 games-board/gnuchess/Manifest                 |  2 --
 games-board/gnuchess/gnuchess-6.2.2-r1.ebuild | 29 ---------------------------
 games-board/gnuchess/gnuchess-6.2.3.ebuild    | 20 ------------------
 3 files changed, 51 deletions(-)

https://github.com/gentoo/gentoo/commit/408857fbcb4c1cd2f2ed9695893cf3133784e60e
Comment 9 Sebastian Pipping gentoo-dev 2017-01-15 18:10:19 UTC
(In reply to Sebastian Pipping from comment #8)
> commit 408857fbcb4c1cd2f2ed9695893cf3133784e60e

Needed to revert that because =games-board/gnuchess-book-1.02 depends on <games-board/gnuchess-6.2.3 and =games-board/gnuchess-book-1.02-r1 without that dependency is not yet marked stable.

So bug #601976 is a blocker for removal now.
Comment 10 Sebastian Pipping gentoo-dev 2017-01-21 20:48:24 UTC
Bug #601976 fixed now, vulnerable versions removed by soap:

games-board/gnuchess: Remove old
https://github.com/gentoo/gentoo/commit/ef4e62ddc7ae979365f4d12122c14a30decaeb80
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-21 23:36:08 UTC
GLSA Vote: No

Repository is clean.