CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2022/11/12 03:08:15
Modified files:
lang/chicken/core: Makefile
Added files:
lang/chicken/core/patches: patch-egg-compile_scm
Log message:
lang/chicken: backport security fix for CVE-2022-45145
Details:
https://lists.nongnu.org/archive/html/chicken-announce/2022-11/msg00000.html
> Vasilij found a security issue with the way egg-information
> files are created during installation of an extension package.
> Currently, escape characters in the .egg file may be used to
> perform arbitrary OS command injection due to the method the
> egg metadata is created and installed in the local egg repository
> during the install-stage of an egg.
diff from MAINTAINER Timo Myyrä, thanks!
