From ${URL} : An issue was discovered in CHICKEN Scheme through. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.

References:
http://seclists.org/oss-sec/2017/q1/627
http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for stabilization or not.
CVE-2017-6949 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6949): An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.
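The advisory's bug class is a caller-supplied vector size reaching malloc() unchecked. The following is an added C illustration of the validation a defender would expect in front of such an allocation; it is not CHICKEN's own code, and the function names, the signed element count, the 8-byte maximum element width and the 1 GiB policy limit are assumptions:

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed policy limit on a single unmanaged vector (1 GiB). */
#define VECTOR_MAX_BYTES ((size_t)1 << 30)

/* Hypothetical checked allocator for an SRFI-4-style vector in unmanaged
 * (malloc'd) memory.  `count` is the element count as supplied by the caller
 * (a signed integer, as a Scheme fixnum would arrive), `elem_size` the width
 * of one element (1, 2, 4 or 8 bytes for the SRFI-4 types).  Returns NULL
 * instead of handing an unsanitised size to malloc(). */
void *alloc_vector_checked(long count, size_t elem_size)
{
    /* A negative count cast to size_t becomes a huge malloc() argument. */
    if (count < 0)
        return NULL;
    if (elem_size == 0 || elem_size > 8)
        return NULL;
    size_t n = (size_t)count;
    /* Reject count * elem_size overflow before it can wrap to a small value
     * (which would yield an undersized buffer and a later overflow). */
    if (n > SIZE_MAX / elem_size)
        return NULL;
    size_t bytes = n * elem_size;
    /* Enforce an explicit upper bound rather than trusting the caller. */
    if (bytes > VECTOR_MAX_BYTES)
        return NULL;
    /* malloc(0) is implementation-defined; allocate one byte so the result
     * is always non-NULL on success and safe to free(). */
    void *p = malloc(bytes ? bytes : 1);
    if (p)
        memset(p, 0, bytes);
    return p;
}

/* Returns 1 when the request passes validation, 0 when it is rejected. */
int vector_request_ok(long count, size_t elem_size)
{
    void *p = alloc_vector_checked(count, elem_size);
    if (!p)
        return 0;
    free(p);
    return 1;
}
```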
I've added chicken-4.13, which fixed all CVEs: https://code.call-cc.org/releases/4.13.0/NEWS
Tree is clean. GLSA Vote: No