CVSROOT: /cvs Module name: ports Changes by: juan...@cvs.openbsd.org 2017/04/28 12:14:54
Modified files: lang/racket-minimal: Tag: OPENBSD_6_1 Makefile distinfo lang/racket-minimal/pkg: Tag: OPENBSD_6_1 PLIST Log message: Update to Racket 6.9. SECURITY: "A security vulnerability in the `racket/sandbox` library and Typed Racket allowed malicious Typed Racket code to escape the sandbox. This vulnerability has been fixed in Racket version 6.9. Anyone using `racket/sandbox` to execute untrustworthy code with access to Typed Racket should upgrade to version 6.9 immediately. While this known vulnerability has been eliminated, it is possible that similar errors in other installed collections could also be exploited, although we are not currently aware of any existing vulnerabilities. We recommend that if you use the Racket sandbox to execute untrustworthy Racket code, you should also employ additional operating system or virtual machine level protections. The documentation for `racket/sandbox` has been updated to list recommended security practices for using the library." https://download.racket-lang.org/v6.9.html