Leo Famulari <leo@famulari.name> writes:

> On Fri, Dec 16, 2016 at 02:33:19PM -0500, Leo Famulari wrote:
>> We fixed this bug in our guile-irregex package in commit fb73f07a0fe,
>> but our chez-irregex and chicken packages are still vulnerable.
>
> Also note that (I believe) our chicken package is vulnerable to
> CVE-2016-{6830,6831}:
>
> http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00002.html

The attached patch is currently being tested on my computer, but I
suspect it will work.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834845.