aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple command injection vulnerabilitiesemacs-28.2-patches-3emacs-27.2-patches-6emacs-26.3-patches-5emacs-25.3-patches-5Ulrich Müller2023-02-264-0/+181
| | | | | | | | | | | | | | | | This fixes command injection vulnerabilities in etags (CVE-2022-48337), ruby-mode (CVE-2022-48338), and htmlfontify (CVE-2022-48339) for Emacs slots 25, 26, 27, and 28. Note that Emacs 25 and 26 are not affected by the ruby-mode vulnerability because function ruby-find-library-file did not yet exist (and there is no call to the gem command in ruby-mode.el). Emacs 18 is not affected by either of them: It doesn't have ruby-mode and htmlfontify, and we no longer install the ctags and etags binaries. Bug: https://bugs.gentoo.org/897950 Signed-off-by: Ulrich Müller <ulm@gentoo.org>
* Support webkit2gtk-4.1emacs-28.2-patches-2emacs-27.2-patches-5emacs-26.3-patches-4Ulrich Müller2023-02-121-0/+26
| | | | Signed-off-by: Ulrich Müller <ulm@gentoo.org>
* Fix ctags command execution vulnerabilityemacs-28.2-patches-1emacs-27.2-patches-4emacs-26.3-patches-3emacs-25.3-patches-4Ulrich Müller2022-11-301-0/+255
| | | | | Bug: https://bugs.gentoo.org/883687 Signed-off-by: Ulrich Müller <ulm@gentoo.org>
* 28.2: Copy patchset from 28.1Ulrich Müller2022-11-301-0/+15
Signed-off-by: Ulrich Müller <ulm@gentoo.org>