Date:      Mon, 22 Jun 2015 10:58:11 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 200980] lang/chicken: CVE-2015-4556: out-of-bounds read in CHICKEN Scheme's string-translate* procedure
Message-ID:  <bug-200980-13-7XzHXFDVZS@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200980-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-200980-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200980

Vitaly Magerya <vmagerya@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #157976|                            |maintainer-approval+
              Flags|                            |

--- Comment #11 from Vitaly Magerya <vmagerya@gmail.com> ---
Created attachment 157976
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157976&action=edit
chicken-4.10.0.r1,1.diff

You're right, Jason; RC1 only fixes CVE-2014-9651 (substring-index*
issue), not CVE-2015-4556 (string-translate* issue). I did not
notice that.

That's not the only place I've messed up though. The current
version of lang/chicken is '4.10.0r1', and both CVE issues are
marked with '<range><lt>4.10.0</lt></range>'. Now observe:

    $ pkg version -t 4.10.0r1 4.10.0
    >

Whoops!

Note that the originally proposed version is actually better:

    $ pkg version -t 4.10.0rc1 4.10.0
    <

In any case, the correct version string I should have used is
'4.10.0.r1', but now that '4.10.0r1' has been committed, I'm
afraid we'll need to bump PORTEPOCH (which I'd prefer to avoid,
but I don't see how).

In short, here's an additional patch, which changes the version
of lang/chicken to '4.10.0.r1,1', marks CVE-2015-4556 with
'<range><lt>4.10.0,1</lt></range>', and CVE-2014-9651 with
'<range><lt>4.10.0.r1,1</lt></range>'.

To double-check the version strings:

    $ pkg version -t 4.10.0r1 4.10.0.r1,1
    <

    $ pkg version -t 4.10.0.r1,1 4.10.0,1
    <

I hope I did not mess anything up this time...

-- 
You are receiving this mail because:
You are the assignee for the bug.