CVE-2019-16787 - a buffer overflow issue has been found in NetHack, and all versions, starting with 3.6.0 and up to 3.6.3 (including 3.6.1, which is available from the Gentoo repository) are affected by this vulnerability, which, if the machine allows .nethackrc files from untrusted parties, could lead to arbitrary code execution. The NetHack DevTeam has patched this vulnerability in 3.6.4 and advises everyone to update to this version. Hence, updating the Gentoo ebuild to 3.6.4 should be sufficient to fix the issue. The official statement on this topic from the DevTeam can be found here: https://nethack.org/security/
Closing because noglsa, fixed in 3.6.4 in tree.
Cleaning up CVEs: The CVE used here is rejected! Summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-19905. Reason: This candidate is a duplicate of CVE-2019-19905. Notes: All CVE users should reference CVE-2019-19905 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Published: 2019-12-20T23:15:00.000Z. Assigning bug to new CVE - Still closed.