[Secure-testing-team] Bug#834845: chicken: CVE-2016-6830 CVE-2016-6831
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 19 19:39:21 UTC 2016
Source: chicken
Version: 4.9.0.1-1
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerabilities were published for chicken.
CVE-2016-6830[0]:
|Buffer overrun in CHICKEN Scheme's "process-execute" and
|"process-spawn" procedures from the posix unit
CVE-2016-6831[1]:
|Memory leak in CHICKEN Scheme's process-execute and process-spawn
|procedures
The upstream patch [2] addresses both CVEs.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6830
[1] https://security-tracker.debian.org/tracker/CVE-2016-6831
[2] https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
Regards,
Salvatore
More information about the Secure-testing-team
mailing list