-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 22 Oct 2016 11:36:24 -0500 Source: guile-2.0 Binary: guile-2.0 guile-2.0-dev guile-2.0-doc guile-2.0-libs Architecture: source amd64 all Version: 2.0.11+1-9+deb8u1 Distribution: jessie Urgency: high Maintainer: Rob Browning <rlb@defaultvalue.org> Changed-By: Rob Browning <rlb@defaultvalue.org> Description: guile-2.0 - GNU extension language and Scheme interpreter guile-2.0-dev - Development files for Guile 2.0 guile-2.0-doc - Documentation for Guile 2.0 guile-2.0-libs - Core Guile libraries Closes: 840555 840556 Changes: guile-2.0 (2.0.11+1-9+deb8u1) jessie; urgency=high . * Fix REPL server vulnerability (CVE-2016-8606). Add 0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch to incorporate the fix. See that file for further information. (Closes: 840555) . * Fix mkdir umask-related vulnerability (CVE-2016-8605). Previously, whenever the second argument to mkdir was omitted, it would temporarily change the umask to 0, a change which would also affect any concurrent threads. Add 0018-Remove-umask-calls-from-mkdir.patch to incorporate the fix. See that file for further information. (Closes: 840556) Checksums-Sha1: 8b0d5bd116b96c25bdbad401c9dd62851a6187ec 2146 guile-2.0_2.0.11+1-9+deb8u1.dsc 988b39c4a0a5c9409caeb57a53462de51679c665 30144 guile-2.0_2.0.11+1-9+deb8u1.debian.tar.xz df1e8f41380125071d47d7920539f38da1d4eff8 18792 guile-2.0_2.0.11+1-9+deb8u1_amd64.deb f94535159dbe193d83bf38f899efbb1355b90eb4 693138 guile-2.0-dev_2.0.11+1-9+deb8u1_amd64.deb 649cdad689ba068a2a86441c7c0369d60a4f4152 861176 guile-2.0-doc_2.0.11+1-9+deb8u1_all.deb 8f4244777607553c424e87979a35614e295e6396 2222004 guile-2.0-libs_2.0.11+1-9+deb8u1_amd64.deb Checksums-Sha256: 50d4ee3d029eae392e054a9856a63a949d1e6606207de6d9f58737e17a57fd10 2146 guile-2.0_2.0.11+1-9+deb8u1.dsc 9b491a042d39f47fcff84235f41b6d94a8eca06199c68a45a515584ee64354ca 30144 guile-2.0_2.0.11+1-9+deb8u1.debian.tar.xz 9c832ded0d71b15516680d603e13b4f6ab30c28c46bd9e6f452b7a918bcc032b 18792 guile-2.0_2.0.11+1-9+deb8u1_amd64.deb fc332b2082e07a36916dab57171e6d950394cb7a63757b4b27103b627a353256 693138 guile-2.0-dev_2.0.11+1-9+deb8u1_amd64.deb 9267e9924f5fafd4f17170fb6e5eabeaaaddbfa0932be2536e30fb7cf4e8bba4 861176 guile-2.0-doc_2.0.11+1-9+deb8u1_all.deb 22b0f1c94685faf057aa91621dab9682ed66a58a70d05d8886e2ab11003326b5 2222004 guile-2.0-libs_2.0.11+1-9+deb8u1_amd64.deb Files: 8f9d0ad50d0cc037b1e42c9fc58b4c0c 2146 interpreters optional guile-2.0_2.0.11+1-9+deb8u1.dsc 2ecf8adaa9c161b6188d5ac1554acd4e 30144 interpreters optional guile-2.0_2.0.11+1-9+deb8u1.debian.tar.xz 8cabab206056acb1e47f68022d324e37 18792 lisp optional guile-2.0_2.0.11+1-9+deb8u1_amd64.deb dbcaf4a32d19c39cd056e0bd4c1ec57e 693138 lisp optional guile-2.0-dev_2.0.11+1-9+deb8u1_amd64.deb 5f99a527c950f70c51e91d27f07c1669 861176 doc optional guile-2.0-doc_2.0.11+1-9+deb8u1_all.deb 16454fbef01ce79ef648a2491b07de6b 2222004 lisp optional guile-2.0-libs_2.0.11+1-9+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAcBQJYeqQ5FRxybGJAZGVmYXVsdHZhbHVlLm9yZwAKCRDu8RbFWlpC 8adZD/4gmbfNTqtrhPhdBV1/pB8CGnZ7Ww7T1b7x6vtHsiQvw6D6DQqQIlwMrJpu UXnKF0zULJ6rBlCzzAswWkkswY3eDYfJxmczUmPonsjEG3fI+hH/COiysNSXq7mX 47qYv/zjkuUEiOvncUqgIGk1N8esZA/vN4H0dCvy/S9AYRWJzHbmngRQhVHuArja QPgGviuSa3JJ3qEUW9HtsCmx2TWtLFg4qRjlFbuM4B4suQRuKXkBvveqQJPr0UWO /MVT0JBQbEhxBEeniWhNBMgEHqYo+S86dymKXI0hwBZR0JF/EwzOZ4zP2QfGByb1 Qm87nTnLH3H28rH6Xk7Yk+SBWiuAR7TNWvefapMf1aAk9QlTm90tPjDYhdFOpFIS L+6K4EwmdJ+Rk8O7JEqYskqB9DWYn75pSJPstv22/yauMSPgq1Yfy8wBCYKWp/fF nNpUDrJ9+uwzxvcot4iPiu/IN2UJdNEkR639HVlmo+4CPc6kFCZlHvY+tuZZtd2z umknCeZSHogyQGQ9nhX2IKBCQzlqyyrV74py28EMK2jkiEwHg+OuUX3rrYMp6CD/ sEPn3z7FpAueWNjvQYiCc2zdVuCHK4kuKLNIIDX4FW4Bshfs1K4pPH+KjAv0jghO OazJ0WS0bwL5KKt53c8e4Fl46PZjWePqdJGYCyRc1F4p23UB+Q== =4Fad -----END PGP SIGNATURE-----