openSUSE has issued an advisory today (July 7):
The issue is fixed upstream in 3.0.1.
No recent maintainer, so assigning this globally.
Done for mga7!
Updated chocolate-doom package fixes security vulnerability:
The server in Chocolate Doom 3.0.0 doesn't validate the user-controlled
num_players value, leading to a buffer overflow. A malicious user can overwrite
the server's stack (CVE-2020-14983).
Updated packages in core/updates_testing:
Installed and tested without issues.
After setting the keys to a sane configuration, played for about 30 minutes and a few levels from Doom, Doom2 and Doomsday of UAC. No problems found.
$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep doom
Validating. Advisory in Comment 3.
An update for this issue has been pushed to the Mageia Updates repository.
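The bug class named in the advisory (a count field taken from the network and used unchecked against a fixed-size array), as an added example that is not part of the original thread and is not Chocolate Doom's code. The struct, the wire layout, the function names and the `MAXPLAYERS` value of 8 are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXPLAYERS 8 /* assumed capacity of the fixed per-player array */

/* Hypothetical settings record, not Chocolate Doom's real structure. */
typedef struct {
    uint8_t num_players;
    uint8_t player_classes[MAXPLAYERS];
} game_settings_t;

/* Vulnerable pattern: trusts the count byte taken from the packet, so a
 * count above MAXPLAYERS writes past player_classes[]. Shown for contrast
 * only; never called below. */
void parse_settings_unchecked(const uint8_t *pkt, game_settings_t *out)
{
    out->num_players = pkt[0];
    for (int i = 0; i < out->num_players; i++)
        out->player_classes[i] = pkt[1 + i];
}

/* Hardened form. Returns 0 on success, -1 if the packet must be dropped. */
int parse_settings_checked(const uint8_t *pkt, size_t len, game_settings_t *out)
{
    if (len < 1)
        return -1;                 /* no count byte at all */
    uint8_t n = pkt[0];
    if (n > MAXPLAYERS)
        return -1;                 /* would overflow the destination array */
    if (len - 1 < n)
        return -1;                 /* would read past the received bytes */
    memset(out, 0, sizeof(*out));
    out->num_players = n;
    memcpy(out->player_classes, pkt + 1, n);
    return 0;
}

int main(void)
{
    game_settings_t s;
    const uint8_t ok[] = {2, 1, 3};    /* constructed: 2 players */
    const uint8_t bad[] = {200, 1, 3}; /* constructed: oversized count */
    printf("ok=%d bad=%d\n", parse_settings_checked(ok, sizeof ok, &s),
           parse_settings_checked(bad, sizeof bad, &s));
    return 0;
}
```

The checked parser bounds the count twice: once against the destination array and once against the number of bytes actually received.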