Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 197313
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: GNU Emacs Team <emacs@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Ulrich Müller <ulm@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 197313 depends on: 174880 174882 Show dependency tree
Bug 197313 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-10-28 18:48 0000 
"Emacs 21 allows user-assisted attackers to cause a denial of service (crash)
via certain crafted images, as demonstrated via a GIF image in vm mode, related
to image size calculation."

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2833>

Vulnerable versions: <21.4-r13
Unaffected versions: >=21.4-r13, <19

I'll commit a fixed emacs-21.4-r13.ebuild as soon as the new patchset is on the
mirrors.

------- Comment #1 From Ulrich Müller 2007-10-28 20:32:43 0000 ------- 
Proposing A3 as severity level.

Arch teams: Please stabilise app-editors/emacs-21.4-r13.

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-10-28 20:45:20 0000 ------- 
Thx for the notification Ulrich. However the Security Team normally doesn't
handle simple crashes in client applications when users have to take action.
Reassigning to maintainer.

------- Comment #3 From Ulrich Müller 2007-10-29 05:46:59 0000 ------- 
The only change between -r12 and -r13 is a small patch for handling of GIF
images (14_all_gif-image-size.patch in the patchset). It is also included in
Debian's version since some time:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=21;filename=emacs21-408929.patch;att=1;bug=408929>.

Therefore, I think it is still justified to stabilise -r13 immediately.

------- Comment #4 From Christian Faulhammer 2007-10-30 09:54:10 0000 ------- 
x86 stable

------- Comment #5 From Ferris McCormick 2007-10-30 11:53:14 0000 ------- 
Sparc stable, as it is also for emacs-22.1-r1.  (I wonder why emacs is slotted
and I have two versions installed; must have missed something along the way.)

------- Comment #6 From nixnut 2007-10-30 17:38:55 0000 ------- 
ppc stable

------- Comment #7 From Jeroen Roovers 2007-10-31 16:51:20 0000 ------- 
Stable for HPPA.

------- Comment #8 From Raúl Porcel 2007-11-01 12:35:02 0000 ------- 
alpha/ia64 stable

------- Comment #9 From Ulrich Müller 2007-11-14 08:08:09 0000 ------- 
amd64 stable.

------- Comment #10 From Brent Baude 2007-11-14 16:05:22 0000 ------- 
ppc64 stable

------- Comment #11 From Ulrich Müller 2007-12-09 11:28:57 0000 ------- 
emacs-21.4-r13 was removed because of bug #200297.
Please keyword and stabilise -r14 instead.

This fixes the following issues (as compared to -r4):
- portage temp strings embedded, bug #22563
- chmod: too few arguments, bug #85968
- libungif/libgif problem, bug #95961
- fonts when using X, bug #137598
- emerge segfaults, bug #153173
- correctly use aspell when having it installed, bug #158850
- install man pages properly, bug #164969
- man pages not available, bug #165466
- blessmail compilation failure, bug #166059
- man page file collisions, bug #167883
- user-installed subdirs.el is overridden, bug #169107
- libXaw dependency issue, bug #174453
- autoconf issues, bug #180082
- segfault in X menu, bug #180142
- crash on malformed GIF images (CVE-2007-2833), bug #197313
- buffer overflow in format function (CVE-2007-6109), bug #200297

------- Comment #12 From Christian Faulhammer 2007-12-11 09:32:20 0000 ------- 
arm stable
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug