crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24262
http://www.vupen.com/english/advisories/2006/0303
http://www.securityfocus.com/bid/16337
http://www.debian.org/security/2006/dsa-949