Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 513088 (CVE-2014-4150) - <dev-scheme/scheme48-1.9.2-r1: insecure use of temporary files in cmuscheme48.el
Summary: <dev-scheme/scheme48-1.9.2-r1: insecure use of temporary files in cmuscheme48.el
Alias: CVE-2014-4150
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Depends on:
Reported: 2014-06-13 09:31 UTC by Agostino Sarubbo
Modified: 2016-07-05 13:12 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-06-13 09:31:16 UTC
From ${URL} :

Steve Kemp discovered that the function scheme48-send-definition in
cmuscheme48.el of scheme48 insecurely use temorary files[0]. This was
addressed upstream in commit [1]. Could a CVE be assigned for this


@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-06-05 08:01:16 UTC
Dead upstream, but package has dependencies.

@maintainer(s), please provide a patch for 1.9.2 and cleanup the vulnerable versions.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-07-05 11:15:44 UTC
@maintainer(s), package bumped with patch.  Please cleanup.
Comment 3 Amy Liffey gentoo-dev 2016-07-05 12:57:18 UTC
committer	Amy Winston <>	2016-07-05 12:54:14 (GMT)
commit	c8ecb9fa143484d4a24acd76d51f5b9078375186

dev-scheme/scheme48: clean vulnerable versions bug #513088