Description: "In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file."
@maintainer(s), please create an ebuild for version 6.2.6 (just released) which contains a fix for this.
CVE-2019-15767 (https://nvd.nist.gov/vuln/detail/CVE-2019-15767): In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36e5d110f650769a6657df8955fb51c0b4cc615b commit 36e5d110f650769a6657df8955fb51c0b4cc615b Author: David Seifert <soap@gentoo.org> AuthorDate: 2020-06-11 12:15:49 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2020-06-11 12:15:49 +0000 games-board/gnuchess: Version bump to 6.2.7 Bug: https://bugs.gentoo.org/711264 Bug: https://bugs.gentoo.org/720792 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: David Seifert <soap@gentoo.org> games-board/gnuchess/Manifest | 1 + games-board/gnuchess/gnuchess-6.2.7.ebuild | 16 ++++++++++++++++ 2 files changed, 17 insertions(+)
@maintainer(s), thanks, let us know when ready for stabling
Stabilisation is happening in bug 720792.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0b0c28aae4466e2cb6398eaa7578b8d342a2afa commit f0b0c28aae4466e2cb6398eaa7578b8d342a2afa Author: David Seifert <soap@gentoo.org> AuthorDate: 2020-06-23 16:16:56 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2020-06-23 16:16:56 +0000 games-board/gnuchess: Remove old Bug: https://bugs.gentoo.org/711264 Package-Manager: Portage-2.3.102, Repoman-2.3.23 Signed-off-by: David Seifert <soap@gentoo.org> games-board/gnuchess/Manifest | 2 -- games-board/gnuchess/gnuchess-6.2.4.ebuild | 20 -------------------- games-board/gnuchess/gnuchess-6.2.5.ebuild | 20 -------------------- 3 files changed, 42 deletions(-)
Thanks!
GLSA vote: no. Closing, thanks all!