[slime-devel] Re: [PATCH] Bind *read-eval* in slime-version-string

[Helmut Eller]

* Madhu [2008-04-14 07:39+0200] writes:

> SWANK-LOADER::SLIME-VERSION-STRING calls READ on the first form of the
> ChangeLog file without binding *READ-EVAL* to NIL, which is a potential
> security hole.  This minor patch fixes that, to avoid future dire
> advisories...

We even load user-init files.  Isn't that a much more severe security
hole?