chicken scheme NSA backdoor

Name: Anonymous 2014-05-29 12:44

WE ARE FUCKED GUYS NOT EVEN LISP IS SAFE ANYMORE

https://www.us-cert.gov/ncas/bulletins/SB14-146

call-cc -- chicken Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3776

* CVSS Version 2 Metrics:
* Access Vector: Network exploitable
* Access Complexity: Low
* Authentication: Not required to exploit
* Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service



Hi hackers,

I believe issue #1124[1] is due to a missing bounds check in
`read-u8vector!`.

Currently, its read size is bounded according to the destination
u8vector's size when a length argument is given, but not when false is
passed for the length instead, leading to a possible buffer overrun. The
attached patch ensures this check is performed for both cases.

This problem (and the fix) is nearly identical to one that was found and
fixed in `read-string!` last year[2], via cd1b977. The patch doesn't
update NEWS yet since, as with CVE-2013-4385, this has security
implications and I think it should be included in the stable release as
well.


WHO ELSE READY TO INNAWOODS HERE??
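The missing check described in the post above, modelled in C as an added example; it is not CHICKEN's source and not part of the original post. The function names and the convention that a negative `n` stands for the `#f` length argument are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: a negative n stands in for Scheme's #f ("no length given"). */

/* Flawed shape described in the post: the destination bound is applied
   only when a length was supplied. */
size_t unchecked_count(size_t dest_len, size_t start, long n, size_t available)
{
    if (n < 0)
        return available;                 /* never compared with dest_len */
    size_t room = start <= dest_len ? dest_len - start : 0;
    size_t want = (size_t)n < available ? (size_t)n : available;
    return want < room ? want : room;
}

/* Fixed shape: the same bound is applied in both cases. */
size_t checked_count(size_t dest_len, size_t start, long n, size_t available)
{
    size_t room = start <= dest_len ? dest_len - start : 0;
    size_t want = (n < 0 || (size_t)n > available) ? available : (size_t)n;
    return want < room ? want : room;
}

/* Copies at most the room left in dest[start..dest_len) and returns the count. */
size_t read_bytes(unsigned char *dest, size_t dest_len, size_t start,
                  long n, const unsigned char *src, size_t available)
{
    size_t count = checked_count(dest_len, start, n, available);
    if (count > 0)
        memcpy(dest + start, src, count);
    return count;
}
```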

Name: Anonymous 2014-05-29 12:46

INNAWOODS! INNAWOODS!

Name: Anonymous 2014-05-29 12:54

Yeah, I'm sure the NSA really wanted to backdoor chicken scheme to be able to root its userbase consisting of a whopping 10 people.

Name: Anonymous 2014-05-29 18:51

>>3
Yeah, but those 10 people must be serious wackos.

Name: Anonymous 2014-05-29 19:11

>>3

Most Lispers are pedos, so it makes sense.

Name: moriya suwacko 2014-05-29 19:35

moriya suwacko

Name: Anonymous 2014-05-29 19:48

>>6

kerokero

Name: Anonymous 2014-05-30 22:41

not surprised

Name: Anonymous 2014-06-06 16:19

LITTLE ROCK, AR – Thousands of patients are being released from state mental hospitals across Arkansas, and other states are expected to follow suit after Edward Snowden’s NSA leaks were released. Mr. Snowden released information that the NSA and other government agencies had in fact been collecting data on people and had been tracking individuals. After this breaking news hit the wires, multiple mental health patients’ files were reviewed and startling information was revealed.

Dr. Richard Hambridge, an AR state psychiatrist, says, “This is a game changer. Thousands of our patients in the mental health system were diagnosed with Schizophrenia after they reported being tracked and followed by government agencies. I mean at the time it just was your standard crazy talk.” Not crazy anymore says Hambridge. “These guys are absolute geniuses in having the insight to see what was going on.”

“I told those doctors all along!” said paranoid schizophrenic Mark Yount, who was now being released from the state mental institution. “They are tracking all of us and reading all of our emails! Aliens probed me too!” Mr. Yount was seen throwing his pills into a nearby lake and stripping down to his tighty whities while skipping away singing “Hey, Mr. Tambourine Man…”

Name: Anonymous 2014-06-06 19:52

>>9
who are you quoting?

Name: Anonymous 2014-06-06 20:25

>>10
Dr. Richard Hambridge and Mark Yount, stupid. It says so right there in the post, did you even read it?

Name: Anonymous 2014-06-06 20:32

>>11
Read what?

Name: Anonymous 2014-06-06 21:22

>>12
who are you quoting?

Name: Anonymous 2014-06-07 0:41

Winner, winner, chicken dinner!
