[Secure-testing-team] Bug#706525: chicken: CVE-2013-2024: OS command injection vulnerability
Salvatore Bonaccorso
carnil at debian.org
Wed May 1 09:27:38 UTC 2013
Package: chicken
Version: 4.5.0-1
Severity: grave
Tags: security patch
Hi,
@Release Team: This probably should not delay the release for wheezy, as
chicken has other security relevant bugreport open (#702410) with wheezy-ignore
tag. The same can be done here, IMO.
the following vulnerability was published for chicken.
CVE-2013-2024[0]:
OS command injection vulnerability in Chicken Scheme
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information and patch see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2024
http://security-tracker.debian.org/tracker/CVE-2013-2024
[1] http://lists.nongnu.org/archive/html/chicken-hackers/2013-02/msg00135.html
[2] http://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html
[3] http://lists.nongnu.org/archive/html/chicken-hackers/2013-04/msg00060.html
Regards,
Salvatore
More information about the Secure-testing-team
mailing list