Re: chicken security update for Wheezy LTS
2016-09-28 13:56 GMT+02:00 Bálint Réczey <email@example.com>:
> I have prepared an update for chicken in Wheezy.
> Please see the diff to previous version:
> chicken (4.7.0-1+deb7u1) wheezy-security; urgency=medium
> * LTS Team upload
> * Don't overflow statically allocated arrays in process-execute
> * Stop leaking memory in process-execute when the process arguments
> or environment variables are not strings (CVE-2016-6831)
> If no one objects I will upload the fix on 30 Sept.
> The first vulnerability can be easily triggered using the following
> $ echo '(use posix) (use srfi-1) (process-execute "/bin/echo" (map ->string (iota 8500)))' | csi
The binary packages for amd64 are also available for testing here:
deb https://people.debian.org/~rbalint/ppa/wheezy-lts UNRELEASED/
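
The two changelog items quoted above describe one pattern: copying a caller-supplied list into a statically allocated array without checking its length, and not freeing earlier copies when a later item turns out not to be a string. The following C sketch of the corrected pattern is an added example, not CHICKEN's code or the patch in this upload; the capacity `ARG_SLOTS`, the function names, and the use of NULL to stand in for a non-string item are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARG_SLOTS 8                      /* assumed capacity, kept small for the demo */
static char *arg_slots[ARG_SLOTS + 1];   /* +1 for the NULL terminator execve expects */
static size_t live_copies;               /* copies allocated and not yet freed */

/* Free every copy stored so far; non-NULL entries always form a prefix. */
static void free_args(void) {
    for (size_t i = 0; i < ARG_SLOTS && arg_slots[i] != NULL; i++) {
        free(arg_slots[i]);
        arg_slots[i] = NULL;
        live_copies--;
    }
}

/* Copy n items into the static table. Returns 0 on success, -1 if the list
   does not fit, -2 if an item is not a string (NULL here) or malloc fails.
   On every error path the copies made so far are released. */
int build_args(const char *const *items, size_t n) {
    free_args();
    if (n > ARG_SLOTS) return -1;        /* bounds check before any write */
    for (size_t i = 0; i < n; i++) {
        if (items[i] == NULL) { free_args(); return -2; }
        size_t len = strlen(items[i]) + 1;
        char *copy = malloc(len);
        if (copy == NULL) { free_args(); return -2; }
        memcpy(copy, items[i], len);
        arg_slots[i] = copy;
        live_copies++;
    }
    arg_slots[n] = NULL;
    return 0;
}

size_t outstanding(void) { return live_copies; }

int main(void) {
    const char *bad[] = { "/bin/echo", NULL, "x" };   /* constructed input */
    int rc = build_args(bad, 3);
    printf("rc=%d outstanding=%zu\n", rc, outstanding());
    return 0;
}
```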