[Bug: 21.5-b28] .flc files can run arbitrary code automatically
Ville Skyttä
scop at xemacs.org
Thu Jun 5 14:31:19 EDT 2008
On Saturday 10 May 2008, Stephen J. Turnbull wrote:
> The attached message was seen on emacs-devel. Claimed to affect
> XEmacs too.

Patch in Gentoo bug tracker looks sane to me, I haven't tested it though.
http://bugs.gentoo.org/show_bug.cgi?id=221197#c15

The new security explanation in the docstring could be improved though - using
the file's current dir is just one bad choice. Maybe better:

"This list should contain only trusted directories in order to avoid
reading/executing potentially malicious cache files."

Norbert, WDYT?