Steve Kemp from the Debian Security Audit Project discovered a problem in crawl, another console based dungeon exploration game, in the vein of nethack and rogue. The program uses several environment variables as inputs but doesn't apply a size check before copying one of them into a fixed size buffer. For the stable distribution (woody) this problem has been fixed in version 4.0.0beta23-2woody1. For the unstable distribution (sid) this problem has been fixed in version 4.0.0beta26-4. We recommend that you upgrade your crawl package.
Steve Kemp from the Debian Security Audit Project discovered a problem in crawl, another console based dungeon exploration game, in the vein of nethack and rogue. The program uses several environment variables as inputs but doesn't apply a size check before copying one of them into a fixed size buffer.
For the stable distribution (woody) this problem has been fixed in version 4.0.0beta23-2woody1.
For the unstable distribution (sid) this problem has been fixed in version 4.0.0beta26-4.
We recommend that you upgrade your crawl package.
MD5 checksums of the listed files are available in the original advisory.