[Chicken-users] Security issue in henrietta script

chicken-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-users] Security issue in henrietta script

From:	Christian Kellermann
Subject:	[Chicken-users] Security issue in henrietta script
Date:	Fri, 24 Feb 2012 21:22:49 +0100
User-agent:	Mutt/1.5.21 (2010-09-15)

Dear chicken fans!

I have to inform you that the henrietta script supporting our egg
distribution on call-cc.org and its mirror kitten-technologies.co.uk
included an error that lead to arbitrary filesystem reads on the
server. 

Affected systems:

All henrietta installations prior to version 0.6.

Solution:

A new version 0.6 of the henrietta egg has been released that fixes
the issue. All users running the henrietta egg are advised to upgrade
immediately.

Are other users of chicken affected?

The "client" side of chicken's code is not affected by this issue.
If you have not installed the henrietta egg, you do not need to do
anything.

My thanks go to the folks on #chicken and the chicken team for
promptly handling the issue once identified.

Kind regards,

Christian

-- 
Who can (make) the muddy water (clear)? Let it be still, and it will
gradually become clear. Who can secure the condition of rest? Let
movement go on, and the condition of rest will gradually arise.
 -- Lao Tse.

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-users] Security issue in henrietta script, Christian Kellermann <=

Prev by Date: Re: [Chicken-users] rpc works great in one location but not at all in another
Next by Date: Re: [Chicken-users] rpc works great in one location but not at all in another
Previous by thread: [Chicken-users] rpc works great in one location but not at all in another
Next by thread: [Chicken-users] How to add a repl to an application with readline
Index(es):
- Date
- Thread