Date:      Sat, 20 Jun 2015 19:14:54 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 200980] lang/chicken: CVE-2015-4556: out-of-bounds read in CHICKEN Scheme's string-translate* procedure
Message-ID:  <bug-200980-13-L3eSv5NFco@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200980-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-200980-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200980

--- Comment #1 from Vitaly Magerya <vmagerya@gmail.com> ---
Created attachment 157898
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157898&action=edit
chicken-4.10.0rc1.diff

Unfortunately it is not as trivial as applying that patch to a
previous release: one of the files that patch touches must be
translated into C during the build, which requires an installed
version of chicken. Normally release tarballs include the generated
C file, but if the patch is applied, that generated file becomes
obsolete, and the build process cannot continue.

The solution is to use one of the release tarballs.

Since chicken 4.10 is not yet released, we could use 4.10.0rc1
for the time being. It's better than nothing.

Here's a patch for that, complete with a vuln.xml update.
