---
- branch: MAIN
  date: Tue Jan 28 21:11:30 UTC 2020
  files:
  - new: '1.34'
    old: '1.33'
    path: pkgsrc/games/nethack-lib/Makefile
    pathrev: pkgsrc/games/nethack-lib/Makefile@1.34
    type: modified
  - new: '1.42'
    old: '1.41'
    path: pkgsrc/games/nethack-lib/Makefile.common
    pathrev: pkgsrc/games/nethack-lib/Makefile.common@1.42
    type: modified
  - new: '1.26'
    old: '1.25'
    path: pkgsrc/games/nethack-lib/distinfo
    pathrev: pkgsrc/games/nethack-lib/distinfo@1.26
    type: modified
  - new: '1.41'
    old: '1.40'
    path: pkgsrc/games/nethack-x11/Makefile
    pathrev: pkgsrc/games/nethack-x11/Makefile@1.41
    type: modified
  id: 20200128T211130Z.b51e20ad707d73a18f380fecf3b80e2dff88a908
  log: "games/nethack: update to 3.6.5.\n\nThe NetHack DevTeam is announcing the release
    of NetHack 3.6.5 on January 27,\n2020\n\nNetHack 3.6.5 is the official release
    of NetHack that follows NetHack 3.6.4.\n\nThis release primarily corrects security
    issues present in NetHack versions\n3.6.0, 3.6.1, 3.6.2, 3.6.3 and 3.6.4.\n\nCVE-2020-5214\tError
    recovery after syntax error in configuration file is\n                subject
    to a buffer overflow\nCVE-2020-5213\tSYMBOL configuration file option is subject
    to a buffer overflow\nCVE-2020-5212\tMENUCOLOR configuration file option is subject
    to a buffer\n                overflow\nCVE-2020-5211\tAUTOCOMPLETE configuration
    file option is subject to a buffer\n                overflow\nCVE-2020-5210\tNetHack
    command line -w option parsing is subject to a buffer\n                overflow\nCVE-2020-5209\tCommand
    line parsing of options starting with -de and -i is\n                subject to
    a buffer overflow\nCVE-2019-19905\tPrivilege escalation/remote code execution/crash
    in\n                configuration parsing\n\nYou are encouraged to update to NetHack
    3.6.5 as soon as possible.\n\nHere's a brief synopsis of the handful of bug fixes
    included in NetHack 3.6.5:\n\n    fix accessing mons[-1] when trying to gate in
    a non-valid demon\n    fix accessing mons[-1] when monster figures out if a tin
    cures stoning\n    have string_for_opt() return empty_optstr on failure\n    ensure
    existing callers of string_for_opt() check return value\n      before using it\n
    \   fix potential buffer overflow in add_menu_coloring()\n    fix potential buffer
    overflow in sym_val()\n    fix potential buffer overflow in pline(), raw_printf(),
    and\n      config_error_add()\n    fix potential buffer overflow in choose_windows()\n
    \   use vsnprintf instead of vsprintf in pline.c where possible\n    Windows:
    includes a fix from a 3.6.4 post-release update where\n      OPTIONS=map_mode:fit_to_screen
    could cause a game start failure\n    Windows: users with C-locale unmappable
    names could get game start failure\n\nAll of the fixes have been incrementally
    published on the public Git\nrepository for the game. A more complete list can
    be found in the game's\nsources in doc/fixes36.5. As usual, a warning that some
    entries in that\nfile may also be \"spoilers\".\n\nExisting saved games and bones
    files from 3.6.0 through to 3.6.4 should\nwork with 3.6.5, assuming that the same
    build configuration options were\nused.\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/games'
  unixtime: '1580245890'
  user: rhialto