civodul pushed a commit to branch stable-2.0
in repository guile.

commit 606cf7f7f42c072b96b941e5074338c01811b5ea
Author: Ludovic Courtès <>
Date:   Wed Oct 12 10:12:26 2016 +0200

    Update 'NEWS'.
 NEWS |   48 +++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 41 insertions(+), 7 deletions(-)

diff --git a/NEWS b/NEWS
index 96c5c2a..22dda2e 100644
--- a/NEWS
+++ b/NEWS
@@ -7,17 +7,38 @@ Please send Guile bug reports to
 Changes in 2.0.13 (since 2.0.12):
-* Notable changes
-* New interfaces
-** mkstemp! takes optional "mode" argument
+* Security fixes
-See "File System" in the manual, for more.
+** CVE-2016-8606: REPL server now protects against HTTP inter-protocol
+   attacks
-** New 'scm_to_uintptr_t' and 'scm_from_uintptr_t' C functions
+Guile 2.x provides a "REPL server" started by the '--listen'
+command-line option or equivalent API (see "REPL Servers" in the
-* Bug fixes
+The REPL server is vulnerable to the HTTP inter-protocol attack as
+described at
+<>, notably the
+HTML form protocol attack described at
+<>.  A "DNS rebinding attack"
+can be combined with this attack and allow an attacker to send arbitrary
+Guile code to the REPL server through web pages accessed by the
+developer, even though the REPL server is listening to a loopback device
+("localhost").  This was demonstrated in an article entitled "How to
+steal any developer's local database" available at
+The REPL server in Guile 2.0.13 now detects attempts to exploit this
+vulnerability.  It immediately closes the connection when it receives a
+line that looks like an HTTP request.
+Nevertheless, we recommend binding the REPL server to a Unix-domain
+socket, for instance by running:
-** 'mkdir' procedure no longer calls umask(2) (<>)
+  guile --listen=/tmp/guile-socket
+** CVE-2016-8605: 'mkdir' procedure no longer calls umask(2)
+   (<>)
 When the second argument to the 'mkdir' procedure was omitted, it would
 call umask(0) followed by umask(previous_umask) and apply the umask to
@@ -28,9 +49,22 @@ applications: during a small window the process' umask was 
set to zero,
 so other threads calling mkdir(2) or open(2) could end up creating
 world-readable/writable/executable directories or files.
+* New interfaces
+** mkstemp! takes optional "mode" argument
+See "File System" in the manual, for more.
+** New 'scm_to_uintptr_t' and 'scm_from_uintptr_t' C functions
+* Bug fixes
 ** Fix optimizer bug when compiling fixpoint operator
 ** Fix build error on MinGW
 ** Update 'uname' implementation on MinGW
+** 'port-encoding' and 'set-port-encoding!' ensure they are passed an
+   open port
+** (system base target) now recognizes Alpha as a cross-compilation target
 Changes in 2.0.12 (since 2.0.11):

Reply via email to