Comment 7 for bug 11265

In , Jan Minar (jjminar) wrote : Re: Bug#286183: emacs21: Arbitrary code execution when opening malicious file (local variables)

On Sat, Dec 18, 2004 at 06:37:01PM -0600, Rob Browning wrote:
> Rob Browning <email address hidden> writes:
>
> > Security team summary: opening the emacs1.emacs file in the
> > indicated google link with a stable emacs will result in yes being
> > launched many times without any advance warning to the user. I
> > presume arbitrary other code might be substituted. I'm not yet sure
> > how this was changed in 21.3+1, but that version (the one in
> > testing/unstable) doesn't appear to execute the code provided in
> > either the emacs1.emacs or emacs2.emacs sample exploits. I'm going
> > to see if I can locate the relevant diff.
>
> I've culled a patch from the diff between 21.2 and 21.3 which appears
> to fix the problem. I'll wait to hear from the security team, and I
> may also run it by emacs-devel.

Other emacs and xemacs packages might/probably are affected as well. I
am not familiar with emacs packages in debian (or emacs at all),
therefore someone else will have to check this.

--
 )^o-o^| jabber: <email address hidden>
 | .v K e-mail: jjminar FastMail FM
 ` - .' phone: +44(0)7981 738 696
  \ __/Jan icq: 345 355 493
 __|o|__Minář irc: <email address hidden>