bug#47729: CVE-2021-30184 Arbitrary code execution in GNU Chess [securit
From: Maxime Devos
Subject: bug#47729: CVE-2021-30184 Arbitrary code execution in GNU Chess [security]
Date: Mon, 12 Apr 2021 17:44:24 +0200
User-agent: Evolution 3.34.2

From https://nvd.nist.gov/vuln/detail/CVE-2021-30184:

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN
(Portable Game Notation) data. This is related to a buffer overflow in the use
of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in
frontend/cmd.cc.

Upstream bug report and patch:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html

Upstream is aware of this issue and patch. The patch is being reviewed
upstream:

Response by Antonio Ceballos
(<https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html>)
‘We will review it all in detail for a future release fixing the problem.’

I believe we should simply wait for upstream to make a release.