pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2012Q2] pkgsrc/editors
Module Name: pkgsrc
Committed By: tron
Date: Mon Aug 13 13:07:44 UTC 2012
Modified Files:
pkgsrc/editors/emacs [pkgsrc-2012Q2]: Makefile distinfo
pkgsrc/editors/emacs-nox11 [pkgsrc-2012Q2]: Makefile
Added Files:
pkgsrc/editors/emacs/patches [pkgsrc-2012Q2]: patch-lisp_files.el
Log Message:
Pullup ticket #3899 - requested by wiz
editors/emacs-nox11: security patch
editors/emacs: security patch
Revisions pulled up:
- editors/emacs-nox11/Makefile 1.36
- editors/emacs/Makefile 1.146
- editors/emacs/distinfo 1.58
- editors/emacs/patches/patch-lisp_files.el 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 13 06:53:07 UTC 2012
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
pkgsrc/editors/emacs-nox11: Makefile
Added Files:
pkgsrc/editors/emacs/patches: patch-lisp_files.el
Log Message:
Fix CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.145.2.1 pkgsrc/editors/emacs/Makefile
cvs rdiff -u -r1.57 -r1.57.2.1 pkgsrc/editors/emacs/distinfo
cvs rdiff -u -r1.35 -r1.35.4.1 pkgsrc/editors/emacs-nox11/Makefile
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/editors/emacs/patches/patch-lisp_files.el
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index