From cdb3c9d662c772ce25ea4d803eccd2c9e6a6ae99 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Mattias=20Engdeg=C3=A5rd?= <mattiase@acm.org>
Date: Mon, 26 Oct 2020 12:40:51 +0100
Subject: [PATCH] Don't consider play-sound-file to be a 'safe' function
 (bug#44018)

While there are currently no known security holes in play-sound-file,
the attack surface is considerable and historically audio file
processing has had more than its share of security problems; the
benefit to risk ratio is low.

* lisp/emacs-lisp/unsafep.el: Don't mark play-sound-file as safe.
---
 lisp/emacs-lisp/unsafep.el | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lisp/emacs-lisp/unsafep.el b/lisp/emacs-lisp/unsafep.el
index e7077140e54..96db5c71939 100644
--- a/lisp/emacs-lisp/unsafep.el
+++ b/lisp/emacs-lisp/unsafep.el
@@ -101,7 +101,7 @@ in the parse.")
 	     ;;Macros from subr.el
 	     save-match-data unless when
 	     ;;Functions from subr.el that have side effects
-	     split-string replace-regexp-in-string play-sound-file))
+	     split-string replace-regexp-in-string))
   (put x 'safe-function t))
 
 ;;;###autoload
-- 
2.39.2