Your message dated Tue, 20 Sep 2022 20:26:17 +0200
with message-id <[email protected]>
and subject line Buster is no longer supported
has caused the Debian Bug report #962512,
regarding nethack: Security issues in Buster's nethack 3.6.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
962512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962512
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nethack
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
Debian 10 (Buster) currently uses nethack 3.6.1. The website for nethack at
https://nethack.org/security/index.html
shows security issues have resulted in multiple (up to now 5) point releases
fixing things like buffer overflow vulnerabilities, including some that can
lead to escalation of privileges. The upstream maintainers recommend "upgrade
as soon as possible" for many of the CVE documented issues.
Seems like the vunerabilities are important enough to warrant an upgrade in
Buster.
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-9-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Buster is now EOL [1], so closing this bug.
[1] https://www.debian.org/News/2022/20220910
--- End Message ---
