Source: nethack
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Debian 10 (Buster) currently uses nethack 3.6.1. The website for nethack at https://nethack.org/security/index.html shows security issues have resulted in multiple (up to now 5) point releases fixing things like buffer overflow vulnerabilities, including some that can lead to escalation of privileges. The upstream maintainers recommend "upgrade as soon as possible" for many of the CVE documented issues.

Seems like the vulnerabilities are important enough to warrant an upgrade in Buster.

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled