On Thu, 05 Jun 2008 21:31:19 +0300, Ville Skyttä wrote:
On Saturday 10 May 2008, Stephen J. Turnbull wrote:
> The attached message was seen on emacs-devel. Claimed to affect XEmacs
Patch in Gentoo bug tracker looks sane to me, I haven't tested it
The new security explanation in the docstring could be improved though -
using the file's current dir is just one bad choice. Maybe better:
"This list should contain only trusted directories in order to avoid
reading/executing potentially malicious cache files."
It would be great to get a new package released with a fix for this bug
Given the status of the security bug for Gentoo something needs to happen
soon, and without a released new package that means either dropping edit-
utils (not a real option), or creating a Gentoo-specific new package.
While the latter is feasible I'd much rather just use a new XEmacs
XEmacs-Beta mailing list