guile-2.0 - security update

Several vulnerabilities were discovered in GNU Guile, an
implementation of the Scheme programming language. The Common
Vulnerabilities and Exposures project identifies the following issues.

• CVE-2016-8605
  The mkdir procedure of GNU Guile temporarily changed the process’
  umask to zero. During that time window, in a multithreaded
  application, other threads could end up creating files with
  insecure permissions.
• CVE-2016-8606
  GNU Guile provides a REPL server which is a command prompt that
  developers can connect to for live coding and debugging purposes.
  The REPL server is started by the ‘–listen’ command-line option
  or equivalent API.

It was reported that the REPL server is vulnerable to the HTTP
inter-protocol attack.

This constitutes a remote code execution vulnerability for
developers running a REPL server that listens on a loopback device
or private network. Applications that do not run a REPL server, as
is usually the case, are unaffected.

For Debian 7 Wheezy, these problems have been fixed in version
2.0.5+1-3+deb7u1.

We recommend that you upgrade your guile-2.0 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS&gt;