Hi, I have prepared an update for chicken in Wheezy.
Please see the diff to previous version: https://people.debian.org/~rbalint/ppa/wheezy-lts/chicken_4.7.0-1+deb7u1.patch.gz Changes: chicken (4.7.0-1+deb7u1) wheezy-security; urgency=medium . * LTS Team upload * Don't overflow statically allocated arrays in process-execute (CVE-2016-6830) * Stop leaking memory in process-execute when the process arguments or environmen variables are not strings (CVE-2016-6831) If no one objects I will upload the fix on 30 Sept. The first vulnerability can be easily triggered using the following command: $ echo '(use posix) (use srfi-1) (process-execute "/bin/echo" (map ->string (iota 8500)))' | csi Cheers, Balint
signature.asc
Description: OpenPGP digital signature
