Package: emacs23
Version: 23.2+1-7
Tags: security

Would you please fix this through stable-proposed-updates? Thanks.

| Hiroshi Oota has found a security flaw in EDE (part of CEDET), a
| development tool included in Emacs. EDE can store various information
| about a project, such as how to build the project, in a file named
| Project.ede in the project directory tree. When the minor mode
| `global-ede-mode' is enabled, visiting a file causes Emacs to look for
| Project.ede in the file's directory or one of its parent directories.
| If Project.ede is present, Emacs automatically reads and evaluates the
| first Lisp expression in it.
|
| This design exposes EDE users to the danger of loading malicious code
| from one file (Project.ede), simply by visiting another file in the same
| directory tree.
|
| REF
| http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
| https://bugs.gentoo.org/show_bug.cgi?id=398241
| https://bugs.gentoo.org/show_bug.cgi?id=398239
| https://bugs.gentoo.org/show_bug.cgi?id=398227

<http://openwall.com/lists/oss-security/2012/01/10/2>
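
An added example, not part of this report or of Emacs: a Python audit helper that walks from a file's directory up through its parent directories, as the quoted advisory describes, and lists every Project.ede that visiting that file could cause to be read. The function names and the ownership/permission checks are assumptions chosen for illustration.

```python
import os
import stat
import sys

EDE_FILE = "Project.ede"  # file name given in the advisory

def find_ede_project_files(path):
    """Return each Project.ede in path's directory or a parent, nearest first."""
    path = os.path.realpath(path)
    directory = path if os.path.isdir(path) else os.path.dirname(path)
    found = []
    while True:
        candidate = os.path.join(directory, EDE_FILE)
        if os.path.lexists(candidate):  # lexists: also report dangling symlinks
            found.append(candidate)
        parent = os.path.dirname(directory)
        if parent == directory:  # reached the filesystem root
            return found
        directory = parent

def describe(candidate, uid=None):
    """Report who controls a Project.ede (assumed heuristics, not an EDE check)."""
    uid = os.getuid() if uid is None else uid
    st = os.lstat(candidate)
    return {
        "path": candidate,
        "foreign_owner": st.st_uid != uid,
        "others_can_write": bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
        "symlink": stat.S_ISLNK(st.st_mode),
    }

def audit(path):
    """List every Project.ede that visiting `path` could cause to be read."""
    return [describe(c) for c in find_ede_project_files(path)]

if __name__ == "__main__":
    for target in sys.argv[1:]:
        for entry in audit(target):
            flags = [k for k in ("foreign_owner", "others_can_write", "symlink")
                     if entry[k]]
            print(f"{target}: {entry['path']} {' '.join(flags) or 'own file'}")
```

Run it with one or more file paths as arguments before opening files from an untrusted tree; any Project.ede reported with a flag is controlled or writable by someone other than the current user.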