Here's the diff for the 22.1+1-2.1 NMU: diff -u emacs22-22.1+1/debian/changelog emacs22-22.1+1/debian/changelog --- emacs22-22.1+1/debian/changelog +++ emacs22-22.1+1/debian/changelog @@ -1,3 +1,12 @@ +emacs22 (22.1+1-2.1) unstable; urgency=high + + * NMU + * Incorporate patch from Drake Wilson <[EMAIL PROTECTED]> fixing a + vulnerability in the handling of file local variables (CVE-2007-5795) + (closes: #449008). + + -- Romain Francoise <[EMAIL PROTECTED]> Sat, 03 Nov 2007 09:31:51 +0100 + emacs22 (22.1+1-2) unstable; urgency=low * Fix mail locking patch for Debian's non-Linux architectures. Thanks diff -u emacs22-22.1+1/debian/patches/series emacs22-22.1+1/debian/patches/series --- emacs22-22.1+1/debian/patches/series +++ emacs22-22.1+1/debian/patches/series @@ -13,0 +14 @@ +cve-2007-5795.diff only in patch2: unchanged: --- emacs22-22.1+1.orig/debian/patches/cve-2007-5795.diff +++ emacs22-22.1+1/debian/patches/cve-2007-5795.diff @@ -0,0 +1,28 @@ +* A security vulnerability in the handling of local variables has been fixed. + Patch: cve-2007-5795.diff + Provided-by: Drake Wilson <[EMAIL PROTECTED]> + Date: Sat, 03 Nov 2007 09:25:50 +0100 + Added-by: Romain Francoise <[EMAIL PROTECTED]> + Status: merged upstream + + Upstream changelog entry: + + 2007-11-02 Drake Wilson <[EMAIL PROTECTED]> (tiny change) + + * files.el (hack-local-variables): Fix membership tests to avoid + treating all variables as safe if `enable-local-variables' is + set to :safe. + +--- a/lisp/files.el ++++ b/lisp/files.el +@@ -2736,8 +2736,8 @@ + ;; If caller wants only the safe variables, + ;; install only them. + (dolist (elt result) +- (unless (or (memq (car elt) unsafe-vars) +- (memq (car elt) risky-vars)) ++ (unless (or (member elt unsafe-vars) ++ (member elt risky-vars)) + (hack-one-local-variable (car elt) (cdr elt)))) + ;; Query, except in the case where all are known safe + ;; if the user wants no quuery in that case.
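Review bot: In the debian/changelog entry, the description says only "a vulnerability in the handling of file local variables", while the upstream changelog text carried in cve-2007-5795.diff names the condition that triggers it (`enable-local-variables` set to `:safe`). Since the upload is urgency=high, consider stating that condition in the entry as well, so that someone reading only the changelog can tell whether their configuration is affected.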
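Review bot: In the lisp/files.el hunk, the membership tests change in two ways at once, from `(memq (car elt) unsafe-vars)` to `(member elt unsafe-vars)` (and likewise for risky-vars): the key goes from the variable name to the whole entry, and the comparison goes from memq to member. Nothing next to the test explains why. The upstream changelog entry says the old tests ended up treating all variables as safe under `:safe`, so this path failed open without any visible error. A one-line comment above the `unless` stating what the elements of unsafe-vars and risky-vars are would keep a later cleanup from reverting to the memq form. A regression test that visits a file carrying a non-safe local variable with `enable-local-variables` set to `:safe`, and checks that the variable is not installed, would be worth adding alongside the fix.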
-- 
  ,''`.
 : :' :        Romain Francoise <[EMAIL PROTECTED]>
 `. `'         http://people.debian.org/~rfrancoise/
   `-

