670478435a982fc4d1f001ea08669f53d35a51cd

~ chicken-core (chicken-5) 670478435a982fc4d1f001ea08669f53d35a51cd

commit 670478435a982fc4d1f001ea08669f53d35a51cd
Author:     felix <felix@call-with-current-continuation.org>
AuthorDate: Fri Nov 11 11:42:03 2022 +0100
Commit:     felix <felix@call-with-current-continuation.org>
CommitDate: Fri Nov 11 11:42:03 2022 +0100

    mention recent security fix in NEWS

diff --git a/NEWS b/NEWS
index a3fd88a8..54888aff 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,11 @@
 5.3.1
 
+- Security fixes
+  - CVE-2022-45145: Neutralize possible escape characters in egg metadata
+    to avoid arbitrary OS command injection during egg installation,
+    reported by Vasilij Schneidermann who also provided the necessary
+    patches to mitigate this problem.
+
 - Core libraries
   - Added "locative-index", kindly contributed by John Croisant.
   - Added "fp*+" (fused multiply-add) to "chicken.flonum" module

Trap