From https://nvd.nist.gov/vuln/detail/CVE-2021-30184:
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. Upstream bug report and patch: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html Upstream is aware of this issue and patch. The patch is being reviewed upstream: Response by Antonio Ceballos (<https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html>) ‘We will review it all in detail for a future release fixing the problem.’ I believe we should simply wait for upstream to make a release.
signature.asc
Description: This is a digitally signed message part
