Fedora has issued an advisory today (April 27): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TB4FURVE4C35UDXGAAHJL5NIHJQ3WDZT/ The issue is fixed upstream in 6.2.6.
Status comment: (none) => Fixed upstream in 6.2.6
Done for mga7!
Advisory: ======================== Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file (CVE-2019-15767). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15767 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TB4FURVE4C35UDXGAAHJL5NIHJQ3WDZT/ ======================== Updated packages in core/updates_testing: ======================== gnuchess-6.2.6-1.mga7 from gnuchess-6.2.6-1.mga7.src.rpm
CC: (none) => geiger.david68210Status comment: Fixed upstream in 6.2.6 => (none)Assignee: geiger.david68210 => qa-bugs
Installed was able to start it at the command line. installed xboard - that worked as well. good enough to me.
CC: (none) => brtians1
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0194.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED