Package: chicken Version: 4.5.0-1 Severity: grave Tags: security patch Hi,
@Release Team: This probably should not delay the release for wheezy, as chicken has other security relevant bugreport open (#702410) with wheezy-ignore tag. The same can be done here, IMO. the following vulnerability was published for chicken. CVE-2013-2024[0]: OS command injection vulnerability in Chicken Scheme If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information and patch see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2024 http://security-tracker.debian.org/tracker/CVE-2013-2024 [1] http://lists.nongnu.org/archive/html/chicken-hackers/2013-02/msg00135.html [2] http://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html [3] http://lists.nongnu.org/archive/html/chicken-hackers/2013-04/msg00060.html Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
