[ubuntu/quantal] emacs23 23.4+1-4ubuntu1 (Accepted)

Colin Watson cjwatson at canonical.com
Sat Sep 22 23:23:14 UTC 2012 

emacs23 (23.4+1-4ubuntu1) quantal-proposed; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - debian/control.in:
      - Do not suggest emacs23-common-non-dfsg.
      - Replace use of Source-Version with source:Version.
      - Have emacs23-common Depends on emacs23-common-non-dfsg, now that it
        is going to main.
      - Use libtiff5-dev in place of libtiff4-dev.
    - debian/patches:
      - emacsVER-lp725988.patch: Set the X EMACS_CLASS to "Emacs23" to please
        bamf and gnome-shell
      - debian/patches/no_cpp_multiarch_dir_mangling.diff: make sure cpp
        doesn't mangle our multiarch include path due to a built-in macro
        matching the architecture name.
    - debian/emacsVER.desktop: also set StartupWMClass for bamf and
      gnome-shell

emacs23 (23.4+1-4) unstable; urgency=high

  * Add 0018-Don-t-eval-code-when-enable-local-variables-is-safe.patch.
    Don't eval code when enable-local-variables is :safe.  Previously,
    Emacs might eval forms in file-local variable sections even when
    the Emacs user option `enable-local-variables' was set to :safe
    (CVE-2012-3479).  Please see the patch for additional details.
    Thanks to Henri Salo <henri at nerv.fi> for the report.
    (Closes: #684695)

  * Stop producing the emacs binary metapackage.  Move the emacs
    binary metapackage to its own source package (emacs-defaults,
    cf. gcc-defaults).  This will prevent emacs23 and emacs24 from
    producing the same binary package.

emacs23 (23.4+1-3ubuntu3) quantal-proposed; urgency=low

  * SECURITY UPDATE: arbitrary lisp code execution via crafted file
    - debian/patches/CVE-2012-3479.patch: ignore eval: forms that are not
      known to be safe if enable-local-variables is set to :safe in
      lisp/files.el.
    - CVE-2012-3479

Date: 2012-09-22 13:20:07.742044+00:00
Changed-By: Colin Watson <cjwatson at canonical.com>
https://launchpad.net/ubuntu/quantal/+source/emacs23/23.4+1-4ubuntu1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Quantal-changes mailing list