Bug#962512: nethack: Security issues in Buster's nethack 3.6.1
Jason L. Quinn
jason.lee.quinn+debian at gmail.com
Tue Jun 9 02:25:57 BST 2020
Source: nethack
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
Debian 10 (Buster) currently uses nethack 3.6.1. The website for nethack at
https://nethack.org/security/index.html
shows security issues have resulted in multiple (up to now 5) point releases
fixing things like buffer overflow vulnerabilities, including some that can
lead to escalation of privileges. The upstream maintainers recommend "upgrade
as soon as possible" for many of the CVE documented issues.
Seems like the vunerabilities are important enough to warrant an upgrade in
Buster.
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-9-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
More information about the Pkg-games-devel
mailing list