Accepted guile-2.0 2.0.5+1-3+deb7u1 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 18 Oct 2016 22:07:02 +0200
Source: guile-2.0
Binary: guile-2.0 guile-2.0-dev guile-2.0-doc guile-2.0-libs
Architecture: source amd64 all
Version: 2.0.5+1-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Rob Browning <rlb@defaultvalue.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
guile-2.0 - GNU extension language and Scheme interpreter
guile-2.0-dev - Development files for Guile 2.0
guile-2.0-doc - Documentation for Guile 2.0
guile-2.0-libs - Core Guile libraries
Changes:
guile-2.0 (2.0.5+1-3+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2016-8605:
The mkdir procedure of GNU Guile, an implementation of the Scheme
programming language, temporarily changed the process' umask to zero.
During that time window, in a multithreaded application, other threads
could end up creating files with insecure permissions.
* Fix CVE-2016-8606:
GNU Guile provides a "REPL server" which is a command prompt that
developers can connect to for live coding and debugging purposes. The REPL
server is started by the '--listen' command-line option or equivalent API.
It was reported that the REPL server is vulnerable to the HTTP
inter-protocol attack.
This constitutes a remote code execution vulnerability for developers
running a REPL server that listens on a loopback device or private network.
Applications that do not run a REPL server, as is usually the case, are
unaffected.
Checksums-Sha1:
56e2a5a1e7f7279ae78d2a4e12c552ad24c3d7e5 2206 guile-2.0_2.0.5+1-3+deb7u1.dsc
25912a89083fce8ca1ffac14075105a9afdfb3da 3991576 guile-2.0_2.0.5+1.orig.tar.bz2
48f2616977d03d32b2ba48fe04519ad2e12a991e 19461 guile-2.0_2.0.5+1-3+deb7u1.debian.tar.gz
3440962fd182ce8c7004fa5551d396fab9205740 16244 guile-2.0_2.0.5+1-3+deb7u1_amd64.deb
22fa9e5d140a58ff88d0910a68f5e6b5eec7583a 1012034 guile-2.0-dev_2.0.5+1-3+deb7u1_amd64.deb
2c3dbe14b1a202d5f51254e16a0dc778db457db4 797494 guile-2.0-doc_2.0.5+1-3+deb7u1_all.deb
9457c368ca429afa86c440bc43414e4b3cfba1cd 2854236 guile-2.0-libs_2.0.5+1-3+deb7u1_amd64.deb
Checksums-Sha256:
01a2f47864b639baa093a8e78124e0cba6773cb257a8710fd9e68e0c6598759f 2206 guile-2.0_2.0.5+1-3+deb7u1.dsc
69ef3566e9319c5c4d2a34f09c6771c2f8f88299ab8b1c85c97c2ead35897f5b 3991576 guile-2.0_2.0.5+1.orig.tar.bz2
9b4e65cee2a6b5929ca75d09da651063c13b6b8f42268faacb51ad1ff7a9203f 19461 guile-2.0_2.0.5+1-3+deb7u1.debian.tar.gz
da7b6fd04d11934081a4acd852f4591b9b72fd4a4536c6a04857bdb0bf40c425 16244 guile-2.0_2.0.5+1-3+deb7u1_amd64.deb
5f8a711e7702369db87065203fc1e1bb3d431d7ebd5ecdb93da7314f91066483 1012034 guile-2.0-dev_2.0.5+1-3+deb7u1_amd64.deb
bf8b8dddb28e3e619b8de4d9d5ed4264674acedf2469fb28007b336c27e088c9 797494 guile-2.0-doc_2.0.5+1-3+deb7u1_all.deb
f877502c3bed5f6b5b617c63693e3d12b2995bd731cab6eff2fc775b32a0a69f 2854236 guile-2.0-libs_2.0.5+1-3+deb7u1_amd64.deb
Files:
879447fefe0232a048b2cb1e5f5d7898 2206 interpreters optional guile-2.0_2.0.5+1-3+deb7u1.dsc
8a6fc801acac9f7f6bd42f45752a284c 3991576 interpreters optional guile-2.0_2.0.5+1.orig.tar.bz2
b93baebb0f628f994fd9ac89d1d1bed3 19461 interpreters optional guile-2.0_2.0.5+1-3+deb7u1.debian.tar.gz
e7343a5c48ada047d7b701551a274d80 16244 lisp optional guile-2.0_2.0.5+1-3+deb7u1_amd64.deb
0a71f08e87144ece3a910788886dc6b5 1012034 lisp optional guile-2.0-dev_2.0.5+1-3+deb7u1_amd64.deb
bbbe243175ef4baed45925d294fa75ed 797494 doc optional guile-2.0-doc_2.0.5+1-3+deb7u1_all.deb
6b8e31a6d5c76199d2224f8826699676 2854236 lisp optional guile-2.0-libs_2.0.5+1-3+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKMBAEBCgB2BQJYBoZ1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0DxxhcG9AZGViaWFuLm9yZwAKCRDZrRS5UTtR5J/ID/9o
c6vZRPM87SjLokpWAuvx2YYZhc84NtmM5NqmVXgYmT+YiUBsqOthGzJNN0463aCs
DWAuoO+Ox8MDkmnvcQxzAuHcHY8Sjh9LNllyfTk5NVlu0pn2P6naZbn9ilu2DCgh
Qw3mtr/YV2J05eIxxItgIzsRHR5qT3dPShhYoK1R6kDIms7STZlMDfB6xKqEIY5g
SpaE3olge32XSATusgUb1RjKTjbUzFb3hzV06WVkyNlSkNb+twO8c/OFmvfLZLTI
kqt7AuelqnndDdiexAKhhEBqDDi7MYIK0Ygj/nzYkr3GI/v8O8e+XuTA4ZViZZ5x
+4uFgXJaZMWdnSn9wdTECasATxukHq6cicq8YMiEYGOnQfqdP6f9dkpCt5gF7pAf
hm7GvPl4uK2wqanWQpVSoAiKI3JTW37TDDVgdfXRcfpeO9Zs/kp8MYk7J5Dth3oy
x2FowlwweyLxVvubqUvNUUkDCD/WCDVHgug3gAcj3+ZUtWXHHCrZEa2k6XwKVUwf
AU1FpbcMjuFQW2tPhQh4QvQwjB98cmZflLkmjE7nGKmMtcfehXNfIkRekwrmoG+V
NmaV6dHFwTlrkGAGwYAh5cz0L1QYBGviYM7E3Zn6Kr6SZaU5fiuD4CPZDwJvNbP6
iChnetY3r5L08dtRgL0Ehbhrw5UYYY3B0f7+KVdPWQ==
=hvTK
-----END PGP SIGNATURE-----