Issue378

classification
Title: [Bug: 21.5-b28] .flc files can run arbitrary code automatically
Type: defect
Module: core code 21.4, core code 21.5
Severity: inconvenience
Platform: N/A
Keywords:
Nosy List: graaff, stephen
process
Status: new
Reason:
Superseder:
Submitted: 2008-05-09.19:09:57
Priority: normal
Assigned To:

Created on 2008-05-09.23:20:08 by stephen, last changed 2008-05-14.18:17:34 by graaff.

Messages
msg753 [hidden] ([hidden]) Date: 2008-05-13.18:45:52
  Message-ID: <1210704352.67.0.446731551775.issue378@xemacs.org>
This issue is tracked for Gentoo as
https://bugs.gentoo.org/show_bug.cgi?id=221197 and classified
as a security bug. The bug report currently contains bug fixes
for GNU Emacs 21.4 and 22.2.

It looks like the 21.4 patch can be applied to fast-lock.el in
edit-utils directly. I'm not 100% sure about the
'risky-local-variable, although that is also used in align.el
and desktop.el.
msg742 [hidden] ([hidden]) Date: 2008-05-13.00:01:42
"Marshall, Simon" <Simon.Marshall@misys.com> provides a patch in
<6EE216E1AA959543A555C60FF34FB767041E7950@maileube01.misys.global.ad>
on emacs-devel.
msg728 [hidden] ([hidden]) Date: 2008-05-09.23:20:08
  Message-ID: <87y76jkr35.fsf@uwakimon.sk.tsukuba.ac.jp>
================================================================
Dear Bug Team!

The attached message was seen on emacs-devel.  Claimed to affect
XEmacs too.

================================================================

-------------- next part --------------
An embedded message was scrubbed...
From: unknown sender
Subject: no subject
Date: no date
Size: 6367
Url: http://calypso.tux.org/pipermail/xemacs-tracker/attachments/20080510/17968bcb/welinder.eml
History
Date                 User     Action  Args
2008-05-14 18:17:34  graaff   set     nosy: + graaff
2008-05-13 18:45:52  graaff   set     messages: + msg753
2008-05-13 00:01:42  stephen  set     status: new; severity: inconvenience; messages: + msg742; module: + core code 21.4, core code 21.5; priority: normal; platform: + N/A; type: defect
2008-05-09 23:20:08  stephen  create