openSUSE has issued an advisory today (July 7):
https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html

The issue is fixed upstream in 3.0.1.
No recent maintainer, so assigning this globally.
Assignee: bugsquad => pkg-bugs
Done for mga7!
CC: (none) => geiger.david68210
Advisory:
========================

Updated chocolate-doom package fixes security vulnerability:

The server in Chocolate Doom 3.0.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack (CVE-2020-14983).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14983
https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html
========================

Updated packages in core/updates_testing:
========================
chocolate-doom-3.0.1-1.mga7

from chocolate-doom-3.0.1-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
Installed and tested without issues. After setting the keys to a sane configuration, played for about 30 minutes and a few levels from Doom, Doom2 and Dooms day of UAC. No problems found.

$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep doom
freedoom-0.11.3-1.mga7
chocolate-doom-3.0.1-1.mga7
Whiteboard: (none) => MGA7-64-OK
CC: (none) => mageia
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0302.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED