CVSROOT: /cvs
Module name: ports
Changes by: juan...@cvs.openbsd.org 2017/04/28 12:14:54
Modified files:
lang/racket-minimal: Tag: OPENBSD_6_1 Makefile distinfo
lang/racket-minimal/pkg: Tag: OPENBSD_6_1 PLIST
Log message:
Update to Racket 6.9.
SECURITY:
"A security vulnerability in the `racket/sandbox` library and Typed
Racket allowed malicious Typed Racket code to escape the sandbox.
This vulnerability has been fixed in Racket version 6.9. Anyone using
`racket/sandbox` to execute untrustworthy code with access to Typed
Racket should upgrade to version 6.9 immediately.
While this known vulnerability has been eliminated, it is possible that
similar errors in other installed collections could also be exploited,
although we are not currently aware of any existing vulnerabilities. We
recommend that if you use the Racket sandbox to execute untrustworthy
Racket code, you should also employ additional operating system or
virtual machine level protections. The documentation for `racket/sandbox`
has been updated to list recommended security practices for using the
library."
https://download.racket-lang.org/v6.9.html
