The following freshmeat information: "A security issue in the SYSLOG interface (POSIX module) and an OPEN/:APPEND regression have been fixed. SAVEINITMEM can create standalone executables." and the ChangeLog entry: "* POSIX:SYSLOG no longer recognizes "%m" and other formatting instructions. For your safety and security, please do all formatting in Lisp." are unfortunately both not specific about the vulnerability.
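As an added illustration (not CLISP's code and not from this thread), the discipline the ChangeLog asks for, written in C against syslog(3): the caller does all formatting, and the result reaches syslog only as a "%s" argument, so a "%m" inside message text stays literal. has_format_directive and build_log_line are hypothetical helpers for this example, and the comment about the old behaviour is an assumption drawn from the ChangeLog wording.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Returns 1 if msg contains a conversion directive ("%m", "%s", "%n", ...)
 * that syslog(3) would act on if msg were handed over as its format
 * argument; "%%" is a literal percent sign and does not count. */
int has_format_directive(const char *msg)
{
    for (const char *p = msg; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent, skip both characters */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

/* Formats the caller's text into out; everything that looks like a
 * directive in the arguments is copied as plain data by "%s".
 * Returns the length snprintf would have produced. */
int build_log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);   /* all formatting happens here */
    va_end(ap);
    return len;
}

/* Hardened logging entry point: the message is built from the caller's
 * own format and arguments, and the result is passed to syslog(3) through
 * a fixed "%s" format, so user-supplied "%m" is never expanded.
 * (The pattern the fix removed presumably amounted to syslog(prio, buf),
 * i.e. the message itself used as the format string.) */
void log_message(int prio, const char *fmt, ...)
{
    char buf[1024];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    syslog(prio, "%s", buf);
}
```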
Please provide fixed ebuilds, thx.
I just committed a new ebuild for clisp-2.38. Will we be issuing a GLSA? I think the security issue at hand is an unsafe function in CLISP POSIX package, so my feeling is it is not necessary...
ppc and x86, please mark stable. Regarding a GLSA, I'm not sure yet - I guess there will be a vote to decide that after arches marked stable.
x86 done
ppc stable
Let's have a GLSA vote. Perl had something similar and we issued a GLSA back then. Though I'd say no, C also has unsafe formatted printing functions and nobody would "fix" them...
I tend to vote YES.
I tend to vote no...
This is not really a security issue. It's a security improvement that removes some POSIX compatibility functions that would be unsafe if improperly used. Correcting to full NO and closing, feel free to reopen if you disagree.