A CVE has been assigned for a security issue fixed upstream in gnuchess:
http://openwall.com/lists/oss-security/2016/11/14/12

A freeze push request for gnuchess 6.2.4 has been sent. Upstream patch checked into Mageia 5 SVN.
CC: (none) => rverschelde
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
Patched package uploaded for Mageia 5.

Advisory:
========================

Updated gnuchess package fixes security vulnerability:

gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess (CVE-2015-8972).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8972
http://openwall.com/lists/oss-security/2016/11/14/12
========================

Updated packages in core/updates_testing:
========================
gnuchess-6.1.1-3.1.mga5

from gnuchess-6.1.1-3.1.mga5.src.rpm
CC: rverschelde => (none)
Assignee: pkg-bugs => qa-bugs
Tested on a 64-bit Mageia 5 installation, real hardware. Using the xboard front-end, played a game gnuchess vs. gnuchess, before and after the update. The game finished with both versions.
CC: (none) => panasum
Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2016-0390.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/706844/