games/nethack: security update to 3.6.4.

https://www.nethack.org/security/index.html:

NetHack: Privilege escalation/remote code execution/crash in
configuration parsing

Severity: High
Affected versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3
First Patched Version: 3.6.4

Basic Information:
A buffer overflow issue exists when reading very long lines from a
NetHack configuration file (usually named .nethackrc).

This vulnerability affects systems that have NetHack installed suid/sgid
and shared systems that allow users to upload their own configuration
files.

All users are urged to upgrade to NetHack 3.6.4 as soon as possible.

Additional information related to this advisory, if any, will be made
available at https://nethack.org/security.
This commit is contained in:
rhialto 2019-12-19 14:41:59 +00:00
parent 2c0217ce69
commit d8d2624fa0
2 changed files with 7 additions and 7 deletions

View file

@ -1,4 +1,4 @@
# $NetBSD: Makefile.common,v 1.39 2019/12/07 13:27:08 rhialto Exp $
# $NetBSD: Makefile.common,v 1.40 2019/12/19 14:41:59 rhialto Exp $
#
# used by games/nethack/Makefile
# used by games/nethack-lib/Makefile
@ -11,7 +11,7 @@
# The desired owner and the file mode of game executables.
#
NETHACK_BASEVER= 3.6.3
NETHACK_BASEVER= 3.6.4
NETHACK_VERSION= ${NETHACK_BASEVER}
NETHACK_DISTVER= ${NETHACK_BASEVER:S/.//g}
NETHACK_DIR= nethackdir${NETHACK_SAVEVER:S/.//g}

View file

@ -1,9 +1,9 @@
$NetBSD: distinfo,v 1.23 2019/12/07 13:27:08 rhialto Exp $
$NetBSD: distinfo,v 1.24 2019/12/19 14:41:59 rhialto Exp $
SHA1 (nethack-363-src.tgz) = 75af7872011852577f95597b4797a127db58604c
RMD160 (nethack-363-src.tgz) = d860a8974a86d36a05e5472a4d1be6d3487919bc
SHA512 (nethack-363-src.tgz) = 38bc6140b12188397539f28528dd8e34364fb7efeb42dbe36d86fea6cc473e292b7f47fba01db19cf7641414dee86092e33deb3b074afa0e8b811e71be71e1d1
Size (nethack-363-src.tgz) = 5568657 bytes
SHA1 (nethack-364-src.tgz) = e8166806a65893d7b843718c37b8aa9e87cfcef1
RMD160 (nethack-364-src.tgz) = 0af138fd481e6359f265d85423a36a160692dc92
SHA512 (nethack-364-src.tgz) = c951f939d50027b4468ebd2e32f79771e696035df0918b814bf02899f5c1e89d462ebc3f63155c23f5c627e66ca74244512d666b102c380242df1500a2c0afa9
Size (nethack-364-src.tgz) = 5573777 bytes
SHA1 (patch-ai) = 73c5b2ea1227531089474705f2f18bc411366365
SHA1 (patch-include_config.h) = d3e054a8b30d628513dcb445b10ce586685c7ea6
SHA1 (patch-include_system.h) = b1b53f513c3f6983e0e56eace74c71875b5df3f2