"Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation." <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2833>
Vulnerable versions: <21.4-r13
Unaffected versions: >=21.4-r13, <19
I'll commit a fixed emacs-21.4-r13.ebuild as soon as the new patchset is on the mirrors.
Proposing A3 as severity level. Arch teams: Please stabilise app-editors/emacs-21.4-r13.
Thanks for the notification, Ulrich. However, the Security Team normally doesn't handle simple crashes in client applications when users have to take action. Reassigning to maintainer.
The only change between -r12 and -r13 is a small patch for handling of GIF images (14_all_gif-image-size.patch in the patchset). It has also been included in Debian's version for some time: <http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=21;filename=emacs21-408929.patch;att=1;bug=408929>. Therefore, I think it is still justified to stabilise -r13 immediately.
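The CVE text above only says the crash is "related to image size calculation" and the patch name only says it concerns GIF image size, so the bug's exact mechanism is not on this page. As an added example (not Emacs code and not the 14_all_gif-image-size.patch contents), the following C function shows the kind of size sanity check a GIF loader needs before allocating or writing pixels: it walks the GIF block structure, rejects zero-sized frames, rejects frames whose image descriptor does not fit inside the logical screen, and caps the screen pixel count. The function name `gif_check`, the error codes and the two sample files are constructed for this example.

```c
/* Added example, not Emacs code: bounds checks on GIF logical screen and
 * image descriptor sizes. Only the block structure is parsed; LZW data is
 * skipped, not decoded. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum gif_status {
    GIF_OK = 0,
    GIF_ERR_TRUNCATED = -1,      /* ran off the end of the buffer */
    GIF_ERR_SIGNATURE = -2,      /* not GIF87a / GIF89a */
    GIF_ERR_ZERO_DIM = -3,       /* zero width or height */
    GIF_ERR_OUT_OF_SCREEN = -4,  /* frame does not fit in the logical screen */
    GIF_ERR_TOO_LARGE = -5,      /* screen pixel count exceeds max_pixels */
    GIF_ERR_BAD_BLOCK = -6       /* unknown block introducer */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Skip a chain of data sub-blocks (length byte + data), terminated by a 0 byte. */
static int skip_subblocks(const uint8_t *buf, size_t len, size_t *pos)
{
    for (;;) {
        if (*pos >= len) return GIF_ERR_TRUNCATED;
        uint8_t n = buf[(*pos)++];
        if (n == 0) return GIF_OK;
        if (len - *pos < n) return GIF_ERR_TRUNCATED;
        *pos += n;
    }
}

/* Returns GIF_OK if every frame fits the logical screen and the screen is
 * at most max_pixels pixels; otherwise a negative gif_status. */
int gif_check(const uint8_t *buf, size_t len, uint64_t max_pixels)
{
    if (len < 13) return GIF_ERR_TRUNCATED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return GIF_ERR_SIGNATURE;
    uint16_t sw = rd16(buf + 6), sh = rd16(buf + 8);   /* logical screen size */
    if (sw == 0 || sh == 0) return GIF_ERR_ZERO_DIM;
    if ((uint64_t)sw * sh > max_pixels) return GIF_ERR_TOO_LARGE;
    size_t pos = 13;
    if (buf[10] & 0x80) {                               /* global colour table */
        size_t ct = 3u << ((buf[10] & 7) + 1);
        if (len - pos < ct) return GIF_ERR_TRUNCATED;
        pos += ct;
    }
    while (pos < len) {
        uint8_t intro = buf[pos++];
        if (intro == 0x3B) return GIF_OK;               /* trailer */
        if (intro == 0x21) {                            /* extension: label + sub-blocks */
            if (pos >= len) return GIF_ERR_TRUNCATED;
            pos++;
            int r = skip_subblocks(buf, len, &pos);
            if (r) return r;
            continue;
        }
        if (intro != 0x2C) return GIF_ERR_BAD_BLOCK;    /* image descriptor expected */
        if (len - pos < 9) return GIF_ERR_TRUNCATED;
        uint16_t left = rd16(buf + pos), top = rd16(buf + pos + 2);
        uint16_t w = rd16(buf + pos + 4), h = rd16(buf + pos + 6);
        uint8_t packed = buf[pos + 8];
        pos += 9;
        if (w == 0 || h == 0) return GIF_ERR_ZERO_DIM;
        /* uint32_t sums of two uint16_t values cannot wrap, so this comparison is exact */
        if ((uint32_t)left + w > sw || (uint32_t)top + h > sh)
            return GIF_ERR_OUT_OF_SCREEN;
        if (packed & 0x80) {                            /* local colour table */
            size_t ct = 3u << ((packed & 7) + 1);
            if (len - pos < ct) return GIF_ERR_TRUNCATED;
            pos += ct;
        }
        if (pos >= len) return GIF_ERR_TRUNCATED;
        pos++;                                          /* LZW minimum code size */
        int r = skip_subblocks(buf, len, &pos);
        if (r) return r;
    }
    return GIF_ERR_TRUNCATED;                           /* no trailer seen */
}

/* Constructed sample: a 2x2 screen with one 2x2 frame (payload bytes are not decoded). */
static const uint8_t good_gif[] = {
    'G','I','F','8','9','a', 0x02,0x00, 0x02,0x00, 0x80, 0x00, 0x00,
    0x00,0x00,0x00, 0xFF,0xFF,0xFF,                     /* 2-entry global colour table */
    0x2C, 0x00,0x00, 0x00,0x00, 0x02,0x00, 0x02,0x00, 0x00,
    0x02, 0x02, 0x44, 0x01, 0x00,                       /* min code size + one sub-block */
    0x3B };
/* Constructed sample: same file, but the frame claims 65535x65535 inside a 2x2 screen. */
static const uint8_t crafted_gif[] = {
    'G','I','F','8','9','a', 0x02,0x00, 0x02,0x00, 0x80, 0x00, 0x00,
    0x00,0x00,0x00, 0xFF,0xFF,0xFF,
    0x2C, 0x00,0x00, 0x00,0x00, 0xFF,0xFF, 0xFF,0xFF, 0x00,
    0x02, 0x02, 0x44, 0x01, 0x00,
    0x3B };

int main(void)
{
    printf("good: %d\n", gif_check(good_gif, sizeof good_gif, 1u << 26));
    printf("crafted: %d\n", gif_check(crafted_gif, sizeof crafted_gif, 1u << 26));
    return 0;
}
```

The check is deliberately done on the declared sizes before anything is allocated, because a loader that sizes its buffer from the logical screen but copies pixels according to the frame descriptor is exactly the shape of code a crafted file can drive out of bounds.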
x86 stable
Sparc stable, as it is also for emacs-22.1-r1. (I wonder why emacs is slotted and I have two versions installed; must have missed something along the way.)
ppc stable
Stable for HPPA.
alpha/ia64 stable
amd64 stable.
ppc64 stable
emacs-21.4-r13 was removed because of bug #200297. Please keyword and stabilise -r14 instead. This fixes the following issues (as compared to -r4):
- portage temp strings embedded, bug #22563
- chmod: too few arguments, bug #85968
- libungif/libgif problem, bug #95961
- fonts when using X, bug #137598
- emerge segfaults, bug #153173
- correctly use aspell when having it installed, bug #158850
- install man pages properly, bug #164969
- man pages not available, bug #165466
- blessmail compilation failure, bug #166059
- man page file collisions, bug #167883
- user-installed subdirs.el is overridden, bug #169107
- libXaw dependency issue, bug #174453
- autoconf issues, bug #180082
- segfault in X menu, bug #180142
- crash on malformed GIF images (CVE-2007-2833), bug #197313
- buffer overflow in format function (CVE-2007-6109), bug #200297
arm stable