Thu Aug 16 04:01:31 UTC 2012
patches/packages/emacs-23.3-i486-2_slack13.37.txz: Rebuilt.
Patched to fix a security flaw in the file-local variables code.
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user. Bug discovered by Paul Ling.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3479
(* Security fix *)
patches/packages/t1lib-5.1.2-i486-3_slack13.37.txz: Rebuilt.
Patched various overflows, crashes, and pointer bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
(* Security fix *)