Package: guile-1.8
Severity: normal
Tags: security

GNU Guile, an implementation of the Scheme language, provides a "REPL server" 
which is a command prompt that developers can connect to for live coding and 
debugging purposes. The REPL server is started by the '--listen' command-line 
option or equivalent API.

It was reported that the REPL server is vulnerable to the HTTP inter-protocol 
attack.

This constitutes a remote code execution vulnerability for developers running a 
REPL server that listens on a loopback device or private network. Applications 
that do not run a REPL server, as is usually the case, are unaffected.

References:

http://seclists.org/oss-sec/2016/q4/100

Upstream patch:

http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03

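An added illustration, not part of the original report and not taken from the upstream patch: in an HTTP inter-protocol attack the bytes that reach the REPL listener are an HTTP request, so a line-oriented listener can peek at the first bytes of each connection and drop it when they open an HTTP request line. The function names, sample payloads and port number below are constructed for this example.

```python
import re
import socket

# Constructed sample inputs: what a browser-originated request and a developer's
# REPL line look like when they arrive on the listening socket.
HTTP_SAMPLE = b"POST / HTTP/1.1\r\nHost: localhost:9999\r\n\r\n(display 1)\n"
REPL_SAMPLE = b"(define (post x) (+ x 1))\n"

# Requests using the standard HTTP methods start with "METHOD SP request-target";
# Scheme input typed at a REPL does not.
_HTTP_START = re.compile(
    rb"\s*(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|TRACE|CONNECT) \S")


def looks_like_http(prefix: bytes) -> bool:
    """True if the first bytes of a connection open an HTTP request line."""
    return _HTTP_START.match(prefix) is not None


def admit(conn: socket.socket) -> bool:
    """Peek at the first bytes without consuming them; drop HTTP clients."""
    prefix = conn.recv(16, socket.MSG_PEEK)
    if not prefix or looks_like_http(prefix):
        conn.close()  # nothing is ever handed to the evaluator
        return False
    return True


def run_session(payload: bytes) -> bytes:
    """Send payload over a local socket pair; return what the REPL would read."""
    client, server = socket.socketpair()
    try:
        server.settimeout(2.0)
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)
        if not admit(server):
            return b""
        received = b""
        while chunk := server.recv(4096):
            received += chunk
        return received
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    print("http ->", run_session(HTTP_SAMPLE))
    print("repl ->", run_session(REPL_SAMPLE))
```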