From: bug#47729 <47729@debbugs.gnu.org>
To: bug#47729 <47729@debbugs.gnu.org>
Subject: Status: CVE-2021-30184 Arbitrary code execution in GNU Chess [security]
Date: Tue, 17 Jun 2025 06:15:53 +0000

retitle 47729 CVE-2021-30184 Arbitrary code execution in GNU Chess [security]
reassign 47729 guix
submitter 47729 Maxime Devos
severity 47729 normal
tag 47729 security
thanks


From: Maxime Devos
To: bug-guix@gnu.org
Subject: CVE-2021-30184 Arbitrary code execution in GNU Chess [security]
Date: Mon, 12 Apr 2021 17:44:24 +0200

From https://nvd.nist.gov/vuln/detail/CVE-2021-30184:

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN
(Portable Game Notation) data. This is related to a buffer overflow in the
use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay
functions in frontend/cmd.cc.
Upstream bug report and patch:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html

Upstream is aware of this issue and patch. The patch is being reviewed upstream:

Response by Antonio Ceballos
‘We will review it all in detail for a future release fixing the problem.’

I believe we should simply wait for upstream to make a release.


From: Maxime Devos
To: control@debbugs.gnu.org
Subject:
Date: Mon, 12 Apr 2021 22:31:35 +0200

tags 47729 security
thanks


From: Maxime Devos
To: 47729-done@debbugs.gnu.org
Subject: Fixed: CVE-2021-30184 Arbitrary code execution in GNU Chess [security]
Date: Mon, 10 May 2021 21:48:55 +0200

Fixed with https://git.savannah.gnu.org/cgit/guix.git/commit/?id=9a11f2380ff49756ace2f33bc96a88cdb6af5453.

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 08 Jun 2021 11:24:05 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator