From: Raphael Kubo da Costa
Date: Fri, 7 Sep 2012 23:07:15 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r303835 - head/security/vuxml
Message-Id: <201209072307.q87N7Fs5079410@svn.freebsd.org>
List-Id: SVN commit messages for the ports tree

Author: rakuco
Date: Fri Sep 7 23:07:14 2012
New Revision: 303835
URL: http://svn.freebsd.org/changeset/ports/303835

Log:
  Document the vulnerability that led to emacs 24.2

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Sep 7 22:58:24 2012 (r303834) +++ head/security/vuxml/vuln.xml Fri Sep 7 23:07:14 2012 (r303835) 
@@ -51,6 +51,46 @@ Note: Please add new entries to the beg --> + + emacs -- remote code execution vulnerability + + + emacs + 24.2 + + + + +

Chong Yidong reports:

+
+

Paul Ling has found a security flaw in the file-local + variables code in GNU Emacs.

+

When the Emacs user option `enable-local-variables' is + set to `:safe' (the default value is t), Emacs should + automatically refuse to evaluate `eval' forms in file-local + variable sections. Due to the bug, Emacs instead + automatically evaluates such `eval' forms. Thus, if the user + changes the value of `enable-local-variables' to `:safe', + visiting a malicious file can cause automatic execution of + arbitrary Emacs Lisp code with the permissions of the + user.

+

The bug is present in Emacs 23.2, 23.3, 23.4, and + 24.1.

+
+ +
+ + 54969 + CVE-2012-3479 + https://lists.gnu.org/archive/html/emacs-devel/2012-08/msg00802.html + http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 + + + 2012-08-13 + 2012-09-08 + +
+ wordpress -- multiple unspecified privilege escalation bugs
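
Review bot: the affected-package block at the top of the new entry appears to bound emacs only by 24.2, while the quoted report says the bug is present in Emacs 23.2, 23.3, 23.4 and 24.1, so releases older than 23.2 would also be flagged unless the range carries a lower bound at 23.2. The topic "remote code execution vulnerability" also reads broader than the description, which limits the issue to users who changed `enable-local-variables' to `:safe' and then visit a malicious file; naming that precondition in the topic would help anyone triaging audit output. The entry date 2012-09-08 is one day later than the commit timestamp (Fri Sep 7 23:07:14 2012), so please confirm that is intended.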