master cdb3c9d: Don't consider play-sound-file to be a 'safe' function (

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

master cdb3c9d: Don't consider play-sound-file to be a 'safe' function (

From:	Mattias Engdeg�rd
Subject:	master cdb3c9d: Don't consider play-sound-file to be a 'safe' function (bug#44018)
Date:	Mon, 26 Oct 2020 07:51:30 -0400 (EDT)

branch: master
commit cdb3c9d662c772ce25ea4d803eccd2c9e6a6ae99
Author: Mattias Engdegård <mattiase@acm.org>
Commit: Mattias Engdegård <mattiase@acm.org>

    Don't consider play-sound-file to be a 'safe' function (bug#44018)
    
    While there are currently no known security holes in play-sound-file,
    the attack surface is considerable and historically audio file
    processing has had more than its share of security problems; the
    benefit to risk ratio is low.
    
    * lisp/emacs-lisp/unsafep.el: Don't mark play-sound-file as safe.
---
 lisp/emacs-lisp/unsafep.el | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lisp/emacs-lisp/unsafep.el b/lisp/emacs-lisp/unsafep.el
index e707714..96db5c7 100644
--- a/lisp/emacs-lisp/unsafep.el
+++ b/lisp/emacs-lisp/unsafep.el
@@ -101,7 +101,7 @@ in the parse.")
             ;;Macros from subr.el
             save-match-data unless when
             ;;Functions from subr.el that have side effects
-            split-string replace-regexp-in-string play-sound-file))
+            split-string replace-regexp-in-string))
   (put x 'safe-function t))
 
 ;;;###autoload

[Prev in Thread]

Current Thread

[Next in Thread]

master cdb3c9d: Don't consider play-sound-file to be a 'safe' function (bug#44018), Mattias Engdeg�rd <=

Prev by Date: branch scratch/shortdoc deleted (was 41297c2)
Next by Date: emacs-27 20c02e6: Improve documentation of display-fill-column-indicator
Previous by thread: branch scratch/shortdoc deleted (was 41297c2)
Next by thread: emacs-27 20c02e6: Improve documentation of display-fill-column-indicator
Index(es):
- Date
- Thread