chicken: CVE-2015-4556: buffer overrun in CHICKEN Scheme's string-translate* procedure

Related Vulnerabilities: CVE-2015-4556   CVE-2015-0848   CVE-2015-4588   CVE-2014-9651  

Debian Bug report logs - #788833


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 15 Jun 2015 12:57:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version chicken/4.7.0-1

Fixed in version chicken/4.10.0-1

Done: Davide Puricelli (evo) <evo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Davide Puricelli (evo) <evo@debian.org>:
Bug#788833; Package src:chicken. (Mon, 15 Jun 2015 12:57:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Davide Puricelli (evo) <evo@debian.org>. (Mon, 15 Jun 2015 12:57:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: chicken: CVE-2015-4556: buffer overrun in CHICKEN Scheme's string-translate* procedure
Date: Mon, 15 Jun 2015 14:54:59 +0200
Source: chicken
Version: 4.7.0-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for chicken.

CVE-2015-4556[0]:
buffer overrun in CHICKEN Scheme's string-translate* procedure

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-4556

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Changed Bug title to 'libwmf: CVE-2015-0848 CVE-2015-4588' from 'chicken: CVE-2015-4556: buffer overrun in CHICKEN Scheme's string-translate* procedure' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 16 Jun 2015 04:27:03 GMT).


Changed Bug title to 'chicken: CVE-2015-4556: buffer overrun in CHICKEN Scheme's string-translate* procedure' from 'libwmf: CVE-2015-0848 CVE-2015-4588' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 16 Jun 2015 04:30:03 GMT).


Severity set to 'grave' from 'important' Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Thu, 26 May 2016 08:27:07 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Davide Puricelli (evo) <evo@debian.org>:
Bug#788833; Package src:chicken. (Sat, 28 May 2016 21:45:20 GMT).


Acknowledgement sent to Tobias Frost <tobi@debian.org>:
Extra info received and forwarded to list. Copy sent to Davide Puricelli (evo) <evo@debian.org>. (Sat, 28 May 2016 21:45:20 GMT).


Message #16 received at 788833@bugs.debian.org:

From: Tobias Frost <tobi@debian.org>
To: 788833@bugs.debian.org
Subject: Re: chicken: CVE-2015-4556: buffer overrun in CHICKEN Scheme's string-translate* procedure
Date: Sat, 28 May 2016 23:41:27 +0200
Control: tags -1 patch

Upstream patch cherry-picked.

--
tobi
[CVE-2015-4556.patch (text/x-patch, attachment)]

Added tag(s) patch. Request was from Tobias Frost <tobi@debian.org> to 788833-submit@bugs.debian.org. (Sat, 28 May 2016 21:45:20 GMT).


Added tag(s) pending and fixed-upstream. Request was from Tobias Frost <tobi@debian.org> to control@bugs.debian.org. (Sun, 29 May 2016 09:09:12 GMT).


Reply sent to Davide Puricelli (evo) <evo@debian.org>:
You have taken responsibility. (Sun, 12 Jun 2016 23:27:07 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 12 Jun 2016 23:27:07 GMT).


Message #25 received at 788833-close@bugs.debian.org:

From: Davide Puricelli (evo) <evo@debian.org>
To: 788833-close@bugs.debian.org
Subject: Bug#788833: fixed in chicken 4.10.0-1
Date: Sun, 12 Jun 2016 23:23:19 +0000
Source: chicken
Source-Version: 4.10.0-1

We believe that the bug you reported is fixed in the latest version of
chicken, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 788833@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Davide Puricelli (evo) <evo@debian.org> (supplier of updated chicken package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 12 Jun 2016 17:33:30 +0200
Source: chicken
Binary: chicken-bin libchicken7 libchicken-dev
Architecture: source amd64
Version: 4.10.0-1
Distribution: unstable
Urgency: high
Maintainer: Davide Puricelli (evo) <evo@debian.org>
Changed-By: Davide Puricelli (evo) <evo@debian.org>
Description:
 chicken-bin - Practical and portable Scheme system - compiler
 libchicken-dev - Practical and portable Scheme system - development
 libchicken7 - Practical and portable Scheme system - runtime
Closes: 775346 788833 825724
Changes:
 chicken (4.10.0-1) unstable; urgency=high
 .
   * New upstream version, fixing CVE-2014-9651 and CVE-2015-4556.
     closes: #775346, #788833.
   * ACK to Tobias Frost's NMU, thanks! closes: #825724.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 08:49:18 GMT).


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 01:41:30 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 16 Jul 2017 07:37:08 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:45:55 2019; Machine Name: buxtehude
