Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 711264 (CVE-2019-15767)

Summary: <games-board/gnuchess-6.2.7: Buffer overflow (CVE-2019-15767)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: games
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00005.html
Whiteboard: B3 [noglsa cve]
Package list:
=games-board/gnuchess-6.2.7 *
 Runtime testing required: ---
Bug Depends on: 720792    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 23:47:21 UTC 
Description:
"In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-19 08:19:10 UTC 
@maintainer(s), please create an ebuild for version 6.2.6 (just released) which contains a fix for this.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-04-19 22:19:38 UTC 
CVE-2019-15767 (https://nvd.nist.gov/vuln/detail/CVE-2019-15767):
  In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load
  function in frontend/cmd.cc via a crafted chess position in an EPD file.
Comment 3 Larry the Git Cow gentoo-dev 2020-06-11 12:16:04 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36e5d110f650769a6657df8955fb51c0b4cc615b

commit 36e5d110f650769a6657df8955fb51c0b4cc615b
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-06-11 12:15:49 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-06-11 12:15:49 +0000

    games-board/gnuchess: Version bump to 6.2.7
    
    Bug: https://bugs.gentoo.org/711264
    Bug: https://bugs.gentoo.org/720792
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: David Seifert <soap@gentoo.org>

 games-board/gnuchess/Manifest              |  1 +
 games-board/gnuchess/gnuchess-6.2.7.ebuild | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 16:08:14 UTC 
@maintainer(s), thanks, let us know when ready for stabling
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-14 21:57:13 UTC 
Stabilisation is happening in bug 720792.
Comment 6 Larry the Git Cow gentoo-dev 2020-06-23 16:17:12 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0b0c28aae4466e2cb6398eaa7578b8d342a2afa

commit f0b0c28aae4466e2cb6398eaa7578b8d342a2afa
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-06-23 16:16:56 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-06-23 16:16:56 +0000

    games-board/gnuchess: Remove old
    
    Bug: https://bugs.gentoo.org/711264
    Package-Manager: Portage-2.3.102, Repoman-2.3.23
    Signed-off-by: David Seifert <soap@gentoo.org>

 games-board/gnuchess/Manifest              |  2 --
 games-board/gnuchess/gnuchess-6.2.4.ebuild | 20 --------------------
 games-board/gnuchess/gnuchess-6.2.5.ebuild | 20 --------------------
 3 files changed, 42 deletions(-)
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-23 16:19:33 UTC 
Thanks!
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-26 05:16:40 UTC 
GLSA vote: no. Closing, thanks all!