[SECURITY] [DLA 908-1] chicken security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 908-1] chicken security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Sun, 23 Apr 2017 12:20:34 +0200
Message-id: <[🔎] 0d3ef7ab-c65a-d4a3-72c0-6e4a7bd97756@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : chicken
Version        : 4.7.0-1+deb7u2
CVE ID         : CVE-2017-6949
Debian Bug     : 858057

It was found that CHICKEN did not sanitize the size argument when
allocating SRFI-4 vectors, which could lead to segfaults or buffer
overflows with some sizes.

For Debian 7 "Wheezy", these problems have been fixed in version
4.7.0-1+deb7u2.

We recommend that you upgrade your chicken packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlj8f+8ACgkQnUbEiOQ2
gwI2uw/+IQZYxo4VZ+OcHlucFqIv5kOa8A5Tb8quJL5/WW7IL8xva1dWCDgMhP2S
6gZBzJlp+EJBKDCwAujpw+tpYOQN2orKG7WqqtuQZTVOSA6m7A52UuIBnW9xC+qU
WqmXvIzEXp6Jt/p71xP7YRcYpy4mbK67DfI8LLIkIMseTu3BAUIZkOLATceAGRZO
X27yxn6rtIt6dSw74sG4gRkO8M6Eb7cxETqgV2EDZfcDOaupFtv63CfzG6fuAoEC
9PemSap5Rmv0auJNV7m30YP9/J4xbCoxBNpZrmX/PrFfmE2WeojPmHe6AfMYI9em
+oQRm/rRG+Iz13ZNpqxi8oZwD47rhSuZE9R/G8kiMLsRWEbjyqyg5PDwU4UQ7KkH
kHuL+X9l/efBqHucnfGRk99DAVMHcyNS3Ik/SpfOcLKLua0JbKetRvO9OB/7nRet
uorQ1jcQomYgDPjAvFweGOjhfwXZOuCod0S4cbVrIkvnYSBzaot8XJZQGKEgNy8e
vUTSADHAqv3ov5ahw2ttqKf5aNy6LhWJ5icaz6653IaxSFlAoByWYAIj9GQbXA2U
33q2MTqYp9IjdYNP7T7ZPNo1+4JscvdgCf8vTWyrMIFQZ1arCIZn6hS5xR/RcAZg
XIEjvxHMi5HSMfk2T7b1LPJ7JZsNj+gvP9AZd/eaYZw3NXTujPI=
=FI3f
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 907-1] xen security update
Next by Date: [SECURITY] [DLA 909-1] libcroco security update
Previous by thread: [SECURITY] [DLA 907-1] xen security update
Next by thread: [SECURITY] [DLA 909-1] libcroco security update
Index(es):
- Date
- Thread