[MacPorts] #36283: emacs23: CVE-2012-3479 security issue
MacPorts
noreply at macports.org
Sat Sep 22 12:40:53 PDT 2012
#36283: emacs23: CVE-2012-3479 security issue
---------------------+----------------------
Reporter: blair@… | Owner: dports@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.1.2
Keywords: | Port: emacs23
---------------------+----------------------
There's a security issue in emacs23:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3479
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically
executes eval forms in local-variable sections when the enable-local-
variables option is set to :safe, which allows user-assisted remote
attackers to execute arbitrary Emacs Lisp code via a crafted file.
The patch here applies cleanly to the source:
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
--
Ticket URL: <https://trac.macports.org/ticket/36283>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
More information about the macports-tickets
mailing list