GNU bug report logs - #37656
27.0.50; Arbitrary code execution with special `mode:'

Previous Next

Package: emacs;

Reported by: adam plaice <plaice.adam+lists <at> gmail.com>

Date: Tue, 8 Oct 2019 08:49:02 UTC

Severity: normal

Tags: security

Found in version 27.0.50

Fixed in version 30.1

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Phil Sainty <psainty <at> orcon.net.nz>
To: Stefan Kangas <stefan <at> marxist.se>
Cc: 37656 <at> debbugs.gnu.org, adam plaice <plaice.adam+lists <at> gmail.com>, Emacs developers <emacs-devel <at> gnu.org>
Subject: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Date: Wed, 16 Oct 2019 13:55:08 +1300

On 2019-10-16 11:55, Stefan Kangas wrote:
> Here is a more complete patch.  Does it look like the right fix?

I don't think so.  If we're removing the multiple 'mode' feature, then
`set-auto-mode' says the following about it:

    ;; Once we drop the deprecated feature where mode: is also allowed 
to
    ;; specify minor-modes (ie, there can be more than one "mode:"), we 
can
    ;; remove this section and just let (hack-local-variables t) handle 
it.
    ;; Find a -*- mode tag.

This bug report was last modified 125 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #37656 27.0.50; Arbitrary code execution with special `mode:'

GNU bug report logs - #37656
27.0.50; Arbitrary code execution with special `mode:'