[slime-devel] Re: [PATCH] Bind *read-eval* in slime-version-string

Helmut Eller heller at common-lisp.net
Thu Apr 17 15:29:31 UTC 2008


* Madhu [2008-04-14 07:39+0200] writes:

> SWANK-LOADER::SLIME-VERSION-STRING calls READ on the first form of the
> ChangeLog file without binding *READ-EVAL* to NIL, which is a potential
> security hole.  This minor patch fixes that, to avoid future dire
> advisories...

We even load user-init files.  Isn't that a much more severe security
hole?
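
Added example, not part of the thread or SLIME's source: the binding the quoted patch description calls for, written as a stand-alone Common Lisp function. The function name and both sample strings are constructed for illustration.

```lisp
;; Added example: hypothetical helper, not SLIME's code.
(defun first-form-or-nil (text)
  "Read the first form in TEXT with read-time evaluation disabled.
Returns NIL when TEXT is empty, truncated, or uses #. syntax."
  (with-input-from-string (in text)
    ;; With *READ-EVAL* bound to NIL the #. reader macro signals
    ;; READER-ERROR instead of evaluating the form that follows it.
    (let ((*read-eval* nil))
      (handler-case (read in nil nil)
        ;; END-OF-FILE covers a form cut off mid-object, which READ
        ;; reports as an error even when EOF-ERROR-P is NIL.
        ((or reader-error end-of-file) () nil)))))

;; Constructed inputs. The first looks like a ChangeLog header line;
;; the second would be evaluated at read time if *READ-EVAL* were T.
(defparameter *changelog-like* "2008-04-17  Example Author")
(defparameter *read-time-eval* "#.(+ 1 2)")

(defun demo ()
  "Print what the guarded reader returns for each constructed input."
  (dolist (text (list *changelog-like* *read-time-eval* ""))
    (format t "~S -> ~S~%" text (first-form-or-nil text))))
```

Calling (demo) at a REPL shows the date token read back as a symbol and the #. input rejected rather than evaluated.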



