Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 569980 (CVE-2015-8697) - dev-scheme/stalin: Insecure use of temporary files (CVE-2015-8697)
Summary: dev-scheme/stalin: Insecure use of temporary files (CVE-2015-8697)
Status: RESOLVED FIXED
Alias: CVE-2015-8697
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-28 14:38 UTC by Agostino Sarubbo
Modified: 2017-09-04 12:55 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-12-28 14:38:52 UTC 
From ${URL} :

Steve Kemp discovered that Stalin, an optimizing compiler for Scheme,
insecurely uses temporary files which have a fixed name. This was
reported in Debian as #808730[1].

Could you please assign a CVE for this issue?

 [1] https://bugs.debian.org/808730




@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2016-06-05 22:12:31 UTC 
Update Check - 2016-06-05 - No updates from upstream
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-20 12:18:04 UTC 
Update:

Still any news from upstream.

+ the maintainer of the package is no longer active.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-07-20 16:01:51 UTC 
I don't think this is really maintainer upstream -- looks more like a proof-of-concept. I can't find an exact release date for the current version but the homepage hasn't been touched since 2013, so it's no newer than that.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2017-09-04 02:40:55 UTC 
Pacho please remove the Masked package, when possible.
Comment 5 Pacho Ramos gentoo-dev 2017-09-04 09:12:19 UTC 
Removed