Debian Security Advisory

DLA-0006-1 scheme48 -- LTS security update

Date Reported:
16 Jun 2014
Affected Packages:
scheme48
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 748766.
In Mitre's CVE dictionary: CVE-2014-4150.
More information:

The function `scheme48-send-definition` in cmuscheme48.el blindly overwrites the file /tmp/s48lose.tmp prior to sending it to the inferior scheme process.

This action will blindly overwrite files the user has permission to modify, causing data-loss.

For Debian 6 Squeeze, these issues have been fixed in scheme48 version 1.8+dfsg-1+deb6u1