Date: Sat, 20 Jun 2015 19:14:54 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 200980] lang/chicken: CVE-2015-4556: out-of-bounds read in CHICKEN Scheme's string-translate* procedure
Message-ID: <bug-200980-13-L3eSv5NFco@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200980-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-200980-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200980

--- Comment #1 from Vitaly Magerya <vmagerya@gmail.com> ---
Created attachment 157898
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157898&action=edit
chicken-4.10.0rc1.diff

Unfortunately it is not as trivial as applying that patch to a previous
release: one of the files that patch touches must be translated into C
during the build, which requires an installed version of chicken. Normally
release tarballs include the generated C file, but if the patch is applied
that generated file becomes obsolete, and the build process can not continue.

The solution is to use one of the release tarballs. Since chicken 4.10 is
not yet released, we could use 4.10.0rc1 for the time being. It's better
than nothing.

Here's a patch for that, complete with a vuln.xml update.

-- 
You are receiving this mail because:
You are the assignee for the bug.