Mailinglist Archive: opensuse-updates (101 mails)

< Previous Next >
openSUSE-SU-2012:1348-1: moderate: emacs and depending packages
openSUSE Security Update: emacs and depending packages
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:1348-1
Rating: moderate
References: #775993 #780653
Cross-References: CVE-2012-3479
Affected Products:
openSUSE 12.2
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update fixes the following issues for emacs, emacs-w3,
gnuplot and ddskk: emacs:
- Add fix for bnc#775993 which disable arbitrary lisp
code execution when 'enable-local-variables' is set to
':safe' (CVE-2012-3479)
- Add fix for bnc#780653 to allow emacs to parse tar
archives with PAX extended headers
- This update also upgrades emacs to version 24.1:
* Support for Gtk+3.0, GnuTLS, ImageMagick, libxml2,
and SELinux
* Support for wide integer (62 bits) in lisp even on
32-bit machines.
* The --unibyte, --multibyte, --no-multibyte, and
--no-unibyte command line arguments, and the EMACS_UNIBYTE
environment variable, no longer have any effect.
* And many more changes see
/usr/share/emacs/24.1/etc/NEWS
- Remove obsolete patches
- Refresh some others patches

emacs-w3:
- (condition-case ...) and (eval-when (compile) ...) will
not work together

gnuplot:
- Resolve the former problem by using texlive-texinfo to
enforce installing required fonts as well as required
tools for TL 2012
- add more texlive 2012 requirements
- Make it build with latest TeXLive 2012 with new package
layout
- Convert gnuplot.el to new backtick lisp scheme for
emacs 24.1

ddskk:
- Update to ddskk-14.4 and skkdic-20110529
- Take some patches from Debian as well add some own
patches
- Drop superfluous patches


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2012-710

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

emacs-24.2-15.8.2
emacs-debuginfo-24.2-15.8.2
emacs-debugsource-24.2-15.8.2
emacs-nox-24.2-15.8.2
emacs-x11-24.2-15.8.2
gnuplot-4.6.0-3.4.2
gnuplot-debuginfo-4.6.0-3.4.2
gnuplot-debugsource-4.6.0-3.4.2

- openSUSE 12.2 (noarch):

ddskk-20121010_14.4-283.6.1
emacs-el-24.2-15.8.2
emacs-info-24.2-15.8.2
emacs-w3-cvs-808.4.4
gnuplot-doc-4.6.0-3.4.2
skkdic-20121010_14.4-283.6.1
skkdic-extra-20121010_14.4-283.6.1


References:

http://support.novell.com/security/cve/CVE-2012-3479.html
https://bugzilla.novell.com/775993
https://bugzilla.novell.com/780653


< Previous Next >
This Thread
  • No further messages