Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 707110 (CVE-2020-5209, CVE-2020-5210, CVE-2020-5211, CVE-2020-5212, CVE-2020-5213, CVE-2020-5214) - <games-roguelike/nethack-3.6.6: Multiple vulnerabilities (CVE-2020-{5209,5210,5211,5212,5213, 5214})
Summary: <games-roguelike/nethack-3.6.6: Multiple vulnerabilities (CVE-2020-{5209,5210...
Status: RESOLVED FIXED
Alias: CVE-2020-5209, CVE-2020-5210, CVE-2020-5211, CVE-2020-5212, CVE-2020-5213, CVE-2020-5214
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~2 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-29 16:04 UTC by Jeroen Roovers
Modified: 2020-04-07 22:59 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers gentoo-dev 2020-01-29 16:04:06 UTC
CVE-2020-5214	Error recovery after syntax error in configuration file is subject to a buffer overflow
CVE-2020-5213	SYMBOL configuration file option is subject to a buffer overflow
CVE-2020-5212	MENUCOLOR configuration file option is subject to a buffer overflow
CVE-2020-5211	AUTOCOMPLETE configuration file option is subject to a buffer overflow
CVE-2020-5210	NetHack command line -w option parsing is subject to a buffer overflow
CVE-2020-5209	Command line parsing of options starting with -de and -i is subject to a buffer overflow
CVE-2019-19905	Privilege escalation/remote code execution/crash in configuration parsing
Comment 1 Jeroen Roovers gentoo-dev 2020-01-29 16:10:29 UTC
That's six vulnerabilities because 3.6.4 supposedly fixed CVE-2019-19905 according to bug #706200.
Comment 2 Sam James gentoo-dev Security 2020-03-28 20:17:56 UTC
@maintainer(s), please create an appropriate ebuild