CVE-2017-6949

Name	CVE-2017-6949
Description	An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-908-1
Debian Bugs	858057

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chicken (PTS)	buster	4.13.0-1	fixed
	bullseye	5.2.0-2	fixed
	bookworm	5.3.0-1	fixed
	sid, trixie	5.3.0-1.1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
chicken	source	wheezy	4.7.0-1+deb7u2		DLA-908-1
chicken	source	(unstable)	4.12.0-0.2			858057

Notes

[stretch] - chicken <no-dsa> (Minor issue)
[jessie] - chicken <no-dsa> (Minor issue)
http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html