-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 Oct 2016 22:07:02 +0200
Source: guile-2.0
Binary: guile-2.0 guile-2.0-dev guile-2.0-doc guile-2.0-libs
Architecture: source amd64 all
Version: 2.0.5+1-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 guile-2.0 - GNU extension language and Scheme interpreter
 guile-2.0-dev - Development files for Guile 2.0
 guile-2.0-doc - Documentation for Guile 2.0
 guile-2.0-libs - Core Guile libraries
Changes:
 guile-2.0 (2.0.5+1-3+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2016-8605:
     The mkdir procedure of GNU Guile, an implementation of the Scheme
     programming language, temporarily changed the process' umask to zero.
     During that time window, in a multithreaded application, other threads
     could end up creating files with insecure permissions.
   * Fix CVE-2016-8606:
     GNU Guile provides a "REPL server" which is a command prompt that
     developers can connect to for live coding and debugging purposes. The
     REPL server is started by the '--listen' command-line option or
     equivalent API. It was reported that the REPL server is vulnerable to
     the HTTP inter-protocol attack. This constitutes a remote code execution
     vulnerability for developers running a REPL server that listens on a
     loopback device or private network. Applications that do not run a REPL
     server, as is usually the case, are unaffected.
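The umask window described under CVE-2016-8605, shown as an added C example that is not Guile's or Debian's code: the racy read-the-umask pattern next to a plain mkdir() that leaves the umask alone. The function names and the scratch path under /tmp are assumptions, and the "other thread" is simulated by a call placed inside the window so the result is deterministic.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for "another thread": create a file, return its permission bits. */
static int create_mode(const char *path) {
    struct stat st;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    if (fd < 0) return -1;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Racy: umask is process-wide, so zeroing it to read it exposes all threads.
   The other thread's open() is placed inside the window to be deterministic. */
static int mkdir_racy(const char *dir, const char *other) {
    mode_t mask = umask(0);            /* window opens */
    int seen = create_mode(other);     /* what a concurrent thread gets */
    umask(mask);                       /* window closes */
    if (mkdir(dir, 0777 & ~mask) != 0 || rmdir(dir) != 0) return -1;
    return seen;
}

/* Safe: leave umask alone; the kernel applies it to the requested mode. */
static int mkdir_safe(const char *dir, const char *other) {
    if (mkdir(dir, 0777) != 0 || rmdir(dir) != 0) return -1;
    return create_mode(other);
}

/* Run both under umask 022 in a private scratch directory (constructed path). */
int demo(int *racy, int *safe) {
    char base[64], d[80], f[80];
    snprintf(base, sizeof base, "/tmp/umask-demo-%ld", (long)getpid());
    if (mkdir(base, 0700) != 0) return -1;
    snprintf(d, sizeof d, "%s/dir", base);
    snprintf(f, sizeof f, "%s/file", base);
    mode_t old = umask(022);
    *racy = mkdir_racy(d, f);
    *safe = mkdir_safe(d, f);
    umask(old);
    return rmdir(base);
}

int main(void) {
    int r, s;
    if (demo(&r, &s) != 0) return 1;
    return printf("window: %04o  plain mkdir: %04o\n", (unsigned)r, (unsigned)s) < 0;
}
```

With a umask of 022, the file created inside the window comes out world-writable, while the same open() beside the plain mkdir() keeps the masked mode.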