Quoth Moritz Muehlenhoff <[EMAIL PROTECTED]>, on 2007-11-02 17:13:23 +0100:
> JFTR, emacs21 from Debian Etch is not affected, it correctly prints a
> "Ignoring risky spec in the local variables list" warning.
This is true, yes. It's mostly because the behavior of file local
variables in Emacs 21
Drake Wilson wrote:
> Package: emacs22-common
> Version: 22.1+1-2
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> (I have not confirmed whether this bug exists upstream.)
>
> In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
> function does not
Quoth Romain Francoise <[EMAIL PROTECTED]>, on 2007-11-02 12:11:46 +0100:
> Thank you very much for finding and reporting this issue. I've
> confirmed that it still applies upstream and installed your patch in
> the trunk and in the Emacs 22 release branch for the upcoming 22.2
> release.
Aha, lo
tags 449008 fixed-upstream
quit
Hi,
Drake Wilson <[EMAIL PROTECTED]> writes:
> The source of this bug: `hack-local-variables' makes lists of
> `risky-vars' and `unsafe-vars' to strip out when in :safe mode, as
> (variable . value) conses. It then avoids setting variables where
> the name of the
Package: emacs22-common
Version: 22.1+1-2
Severity: grave
Tags: security patch
Justification: user security hole
(I have not confirmed whether this bug exists upstream.)
In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-var
5 matches
Mail list logo