A stack-based buffer overflow that can be triggered by supplying user move input larger than 128 bytes was found in gnuchess. Upstream bug report: https://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html Upstream patch: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134 CVE assignment: http://seclists.org/oss-sec/2016/q4/426
6.2.4 is in rawhide, stable f24 and f23. The update is on it's way to stable in f25.
(In reply to Jon Ciesla from comment #1) > 6.2.4 is in rawhide, stable f24 and f23. The update is on it's way to > stable in f25. Please do not close bugs against the Security Response component. This bug tracks the issue across many products, not just Fedora.