FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362910
Date:      2014-07-25
Time:      14:12:54Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c1e5f35e-f93d-11e1-b07f-00235a5f2c9aemacs -- remote code execution vulnerability

Chong Yidong reports:

Paul Ling has found a security flaw in the file-local variables code in GNU Emacs.

When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user.

The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.


Discovery 2012-08-13
Entry 2012-09-08
Modified 2013-05-13
emacs
gt 24.* lt 24.2

gt 23.* le 23.4_2

54969
CVE-2012-3479
https://lists.gnu.org/archive/html/emacs-devel/2012-08/msg00802.html
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
c1e5f35e-f93d-11e1-b07f-00235a5f2c9aemacs -- remote code execution vulnerability

Chong Yidong reports:

Paul Ling has found a security flaw in the file-local variables code in GNU Emacs.

When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user.

The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.


Discovery 2012-08-13
Entry 2012-09-08
Modified 2013-05-13
emacs
gt 24.* lt 24.2

gt 23.* le 23.4_2

54969
CVE-2012-3479
https://lists.gnu.org/archive/html/emacs-devel/2012-08/msg00802.html
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155