From unknown Sat Sep 20 03:14:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#47729: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 12 Apr 2021 15:45:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 47729 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 47729@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161824228110064 (code B ref -1); Mon, 12 Apr 2021 15:45:01 +0000 Received: (at submit) by debbugs.gnu.org; 12 Apr 2021 15:44:41 +0000 Received: from localhost ([127.0.0.1]:57761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVyju-0002cD-CF for submit@debbugs.gnu.org; Mon, 12 Apr 2021 11:44:41 -0400 Received: from lists.gnu.org ([209.51.188.17]:50212) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVyjt-0002c5-A1 for submit@debbugs.gnu.org; Mon, 12 Apr 2021 11:44:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34606) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lVyjt-0007gH-1S for bug-guix@gnu.org; Mon, 12 Apr 2021 11:44:37 -0400 Received: from laurent.telenet-ops.be ([2a02:1800:110:4::f00:19]:41388) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lVyjq-0006X2-8Y for bug-guix@gnu.org; Mon, 12 Apr 2021 11:44:36 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by laurent.telenet-ops.be with bizsmtp id rrkV2400L0mfAB401rkVvA; Mon, 12 Apr 2021 17:44:29 +0200 Message-ID: <0a0b536cf697c37adfca19ccb547e22c9cee4ce0.camel@telenet.be> From: Maxime Devos Date: Mon, 12 Apr 2021 17:44:24 +0200 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-sDojTtl3foGSiPIa50CF" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1618242269; bh=amApKRThrE0TnvGW747HVhjy9L23c0gPMtNvdFm8Ir8=; h=Subject:From:To:Date; b=TF7d+V3hdPhREOdZGX7CbZc9tyM1njAUuNeZgvMf/Akp7h3D84ii4GhlIwEmXGgQl DESlZQMzqixH8pePQjP6jg/TJ/ryzQmKbS6/7WEOJz1L+2W4e6MIChbHoxR8Wev0RP tc7KMEmtG11X+HO52XvGU032hnAVXlsGfcg0ccQ4l0f13pebnDU4HK5GNRfJSk0adh ZiNPNV1kOrbv6YYB8Jcln98isiXLMRgyCudzFj4ydtSOVJJHTiolzA+E+bqUhxt/hv UVO7mzNPrSp3rOdLAT1K6c3JDCjQW5OV8QFd5pwutxUbhKklDHX4iiwcfQiBtoWdUV oivZlzAEZnoLg== Received-SPF: pass client-ip=2a02:1800:110:4::f00:19; envelope-from=maximedevos@telenet.be; helo=laurent.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.2 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-sDojTtl3foGSiPIa50CF Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =46rom https://nvd.nist.gov/vuln/detail/CVE-2021-30184: GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the = use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions= in frontend/cmd.cc. Upstream bug report and patch: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html Upstream is aware of this issue and patch. The patch is being reviewed ups= tream: Response by Antonio Ceballos () =E2=80=98We will review it all in detail for a future release fixing the pr= oblem.=E2=80=99 I believe we should simply wait for upstream to make a release. --=-sDojTtl3foGSiPIa50CF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHRq2BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7o76AP9ixzfK48MaqYYWx/Y93dKzqyTW jgm+sOJe25bU3sTNDgEA5XWV+sZ56Ptxz6rSG88YRQlkBa4bATPktp3Wjt1FqQY= =Va44 -----END PGP SIGNATURE----- --=-sDojTtl3foGSiPIa50CF-- From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 12 16:31:39 2021 Received: (at control) by debbugs.gnu.org; 12 Apr 2021 20:31:39 +0000 Received: from localhost ([127.0.0.1]:58190 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lW3Df-0005e9-Kg for submit@debbugs.gnu.org; Mon, 12 Apr 2021 16:31:39 -0400 Received: from baptiste.telenet-ops.be ([195.130.132.51]:45194) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lW3Dd-0005e0-CZ for control@debbugs.gnu.org; Mon, 12 Apr 2021 16:31:38 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by baptiste.telenet-ops.be with bizsmtp id rwXb2400P0mfAB401wXbvk; Mon, 12 Apr 2021 22:31:35 +0200 Message-ID: Subject: From: Maxime Devos To: control@debbugs.gnu.org Date: Mon, 12 Apr 2021 22:31:35 +0200 Content-Type: text/plain User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1618259495; bh=uppxbFPlVZ3UrR2mNk0JpdyPMflXpQPGdP23CMqeghw=; h=Subject:From:To:Date; b=pKOLhCmAOvPljqsQy2/Q8PehkbO/4k7Apw01qXYFge3SN69SIyYTkC3TfQc1pGqWu cgRivlCI8QHH0J52E+Bx5GE4HQILjW6Yttys/VzXC1NKlXAS9UZuEIfWNriEbHh5fD l/TMdBg9B5pvRoQYYNCo9hDLEu6OQAi4DZVMD0mq/1yYztMf01QyXnfrArXIFRKTAn DBZM4Lqhlm2foHGO4E4D49a4kJLwIzUmhlPM/FogqsW47WT4d9lyE+s+9xNMRYopzN WipR5NdGwEwU1PzZKUCg4+U+3YVl12R5OPeqRHWC41tO60x+IeR9ftY1jbsIXSqqDP d9HrJgCqNuq/Q== X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: tags 47729 security thanks Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [195.130.132.51 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [195.130.132.51 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (maximedevos[at]telenet.be) 2.0 BLANK_SUBJECT Subject is present but empty 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.3 (/) tags 47729 security thanks From unknown Sat Sep 20 03:14:23 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Maxime Devos Subject: bug#47729: closed (Fixed: CVE-2021-30184 Arbitrary code execution in GNU Chess [security]) Message-ID: References: <06d2c07658acf6d550921288a630a0bb9f32dfd2.camel@telenet.be> <0a0b536cf697c37adfca19ccb547e22c9cee4ce0.camel@telenet.be> X-Gnu-PR-Message: they-closed 47729 X-Gnu-PR-Package: guix X-Gnu-PR-Keywords: security Reply-To: 47729@debbugs.gnu.org Date: Mon, 10 May 2021 19:50:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1620676202-30978-1" This is a multi-part message in MIME format... ------------=_1620676202-30978-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #47729: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 47729@debbugs.gnu.org. --=20 47729: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D47729 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1620676202-30978-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 47729-done) by debbugs.gnu.org; 10 May 2021 19:49:01 +0000 Received: from localhost ([127.0.0.1]:34395 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lgBtl-000824-CU for submit@debbugs.gnu.org; Mon, 10 May 2021 15:49:01 -0400 Received: from michel.telenet-ops.be ([195.130.137.88]:52460) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lgBti-00081t-4M for 47729-done@debbugs.gnu.org; Mon, 10 May 2021 15:49:00 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by michel.telenet-ops.be with bizsmtp id 37ov2500D0mfAB4067ovQx; Mon, 10 May 2021 21:48:56 +0200 Message-ID: <06d2c07658acf6d550921288a630a0bb9f32dfd2.camel@telenet.be> Subject: Fixed: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] From: Maxime Devos To: 47729-done@debbugs.gnu.org Date: Mon, 10 May 2021 21:48:55 +0200 Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1620676136; bh=RSH3gq52O67vPytEXTpQkA3rtFFoAlOb0w7W/3jS4Hg=; h=Subject:From:To:Date; b=JP463XFgWFm7S1vb1QxCfkN3GlhLgML71+y06h8G9FvpYhD/AugJn2xpNHgPpacji /mdY9ChNcLLagLEWBp6f5Ps6mMjS+kRTN/TF1TUN/FzpxA9N6XCoBUuGJUEWS8lFXq woLzfNkYYHtfO8ClOdG9MFsIKwWIV4XcWjm5bwjO+S8KHr+UuDsPK2lkriY0rTO/1m 8GfBGmfaR4WaabgkacAR97ntVhlvN0Eod6fx2OD3yhthYR3Xyebgllik/Wz+bg35m6 sBgfoXoOWl69ZTCUesCfNL/ju9P7Vgx7ruIFmUIUpNrdQqke2Y/KHDDJIjk7nunAnX rKb8S+iqH91rg== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 47729-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Fixed with https://git.savannah.gnu.org/cgit/guix.git/commit/?id=9a11f2380ff49756ace2f33bc96a88cdb6af5453. ------------=_1620676202-30978-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 12 Apr 2021 15:44:41 +0000 Received: from localhost ([127.0.0.1]:57761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVyju-0002cD-CF for submit@debbugs.gnu.org; Mon, 12 Apr 2021 11:44:41 -0400 Received: from lists.gnu.org ([209.51.188.17]:50212) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVyjt-0002c5-A1 for submit@debbugs.gnu.org; Mon, 12 Apr 2021 11:44:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34606) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lVyjt-0007gH-1S for bug-guix@gnu.org; Mon, 12 Apr 2021 11:44:37 -0400 Received: from laurent.telenet-ops.be ([2a02:1800:110:4::f00:19]:41388) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lVyjq-0006X2-8Y for bug-guix@gnu.org; Mon, 12 Apr 2021 11:44:36 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by laurent.telenet-ops.be with bizsmtp id rrkV2400L0mfAB401rkVvA; Mon, 12 Apr 2021 17:44:29 +0200 Message-ID: <0a0b536cf697c37adfca19ccb547e22c9cee4ce0.camel@telenet.be> Subject: CVE-2021-30184 Arbitrary code execution in GNU Chess [security] From: Maxime Devos To: bug-guix@gnu.org Date: Mon, 12 Apr 2021 17:44:24 +0200 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-sDojTtl3foGSiPIa50CF" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1618242269; bh=amApKRThrE0TnvGW747HVhjy9L23c0gPMtNvdFm8Ir8=; h=Subject:From:To:Date; b=TF7d+V3hdPhREOdZGX7CbZc9tyM1njAUuNeZgvMf/Akp7h3D84ii4GhlIwEmXGgQl DESlZQMzqixH8pePQjP6jg/TJ/ryzQmKbS6/7WEOJz1L+2W4e6MIChbHoxR8Wev0RP tc7KMEmtG11X+HO52XvGU032hnAVXlsGfcg0ccQ4l0f13pebnDU4HK5GNRfJSk0adh ZiNPNV1kOrbv6YYB8Jcln98isiXLMRgyCudzFj4ydtSOVJJHTiolzA+E+bqUhxt/hv UVO7mzNPrSp3rOdLAT1K6c3JDCjQW5OV8QFd5pwutxUbhKklDHX4iiwcfQiBtoWdUV oivZlzAEZnoLg== Received-SPF: pass client-ip=2a02:1800:110:4::f00:19; envelope-from=maximedevos@telenet.be; helo=laurent.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-sDojTtl3foGSiPIa50CF Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =46rom https://nvd.nist.gov/vuln/detail/CVE-2021-30184: GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the = use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions= in frontend/cmd.cc. Upstream bug report and patch: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html Upstream is aware of this issue and patch. The patch is being reviewed ups= tream: Response by Antonio Ceballos () =E2=80=98We will review it all in detail for a future release fixing the pr= oblem.=E2=80=99 I believe we should simply wait for upstream to make a release. --=-sDojTtl3foGSiPIa50CF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHRq2BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7o76AP9ixzfK48MaqYYWx/Y93dKzqyTW jgm+sOJe25bU3sTNDgEA5XWV+sZ56Ptxz6rSG88YRQlkBa4bATPktp3Wjt1FqQY= =Va44 -----END PGP SIGNATURE----- --=-sDojTtl3foGSiPIa50CF-- ------------=_1620676202-30978-1--