Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-0006-1 scheme48

Debian Security Advisory

DLA-0006-1 scheme48 -- LTS security update

Date Reported:

16 Jun 2014

Affected Packages:

scheme48

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 748766.
In Mitre's CVE dictionary: CVE-2014-4150.

More information:

The function `scheme48-send-definition` in cmuscheme48.el blindly overwrites the file /tmp/s48lose.tmp prior to sending it to the inferior scheme process.

This action will blindly overwrite files the user has permission to modify, causing data-loss.

For Debian 6 Squeeze, these issues have been fixed in scheme48 version 1.8+dfsg-1+deb6u1