{"id":"MGASA-2021-0340","summary":"Updated guile1.8 packages fix security vulnerabilities","details":"The mkdir procedure of GNU Guile temporarily changed the process' umask to\nzero. During that time window, in a multithreaded application, other threads\ncould end up creating files with insecure permissions. For example, mkdir\nwithout the optional mode argument would create directories as 0777. This is\nfixed in Guile 2.0.13. Prior versions are affected (CVE-2016-8605).\n","modified":"2026-04-16T04:40:48.485207062Z","published":"2021-07-12T20:26:21Z","upstream":["CVE-2016-8605"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0340.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27200"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19567"}],"affected":[{"package":{"name":"guile1.8","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/guile1.8?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.8-25.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0340.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}