Bug#: 197958
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Description:   Opened: 2007-11-03 13:44 0000
CVE-2007-5795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5795):
  The hack-local-variables function in Emacs before 22.2, when
  enable-local-variables is set to :safe, does not properly search lists of
  unsafe or risky variables, which might allow user-assisted attackers to
  bypass intended restrictions and modify critical program variables via a file
  containing a Local variables declaration.
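
Added example, not part of this bug report and not Emacs code: a Python audit of the "Local Variables:" block at the end of a file, listing the entries a reviewer should inspect before the file is opened in an Emacs that has enable-local-variables set to :safe. The allowlist ALLOWED, the function names and the sample file are assumptions made for illustration; only the end-of-file block is parsed, not the first-line "-*- ... -*-" form.

```python
import re

# Assumption: a reviewer-chosen allowlist, not Emacs's own safe-variable list.
ALLOWED = {"mode", "coding", "fill-column", "indent-tabs-mode", "tab-width"}
TAIL_CHARS = 3000  # Emacs looks for the block only near the end of the file
HEADER = re.compile(r"local variables:", re.IGNORECASE)

def parse_local_variables(text):
    """Return [(name, value)] from the trailing 'Local Variables:' block."""
    tail = text[-TAIL_CHARS:]
    page = tail.rfind("\n\f")  # the block must sit on the last page
    if page != -1:
        tail = tail[page + 2:]
    lines = tail.splitlines()
    start = next((i for i, l in enumerate(lines) if HEADER.search(l)), None)
    if start is None:
        return []
    m = HEADER.search(lines[start])
    prefix = lines[start][:m.start()]          # e.g. "# " or "/* "
    suffix = lines[start][m.end():].strip()    # e.g. "*/"
    entries = []
    for line in lines[start + 1:]:
        if not line.startswith(prefix):
            break  # every entry must repeat the header line's prefix
        body = line[len(prefix):].strip()
        if suffix and body.endswith(suffix):
            body = body[:-len(suffix)].strip()
        name, sep, value = body.partition(":")
        if not sep or name.strip().lower() == "end":
            break
        entries.append((name.strip(), value.strip()))
    return entries  # conservative: reported even if "End:" is missing

def audit(text, allowed=ALLOWED):
    """Entries to inspect by hand: every eval, and names off the allowlist."""
    return [(n, v) for n, v in parse_local_variables(text)
            if n.lower() == "eval" or n.lower() not in allowed]

# Constructed sample file; the variable names below are placeholders.
SAMPLE = (
    "#!/bin/sh\necho hello\n"
    "# Local Variables:\n"
    "# mode: sh\n"
    "# fill-column: 72\n"
    "# some-unreviewed-variable: t\n"
    '# eval: (message "constructed sample")\n'
    "# End:\n"
)
```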

------- Comment #1 From Robert Buchholz 2007-11-03 13:46:47 0000 -------
Emacs, please advise.
Are any of our ebuilds affected, or maybe other packages than app-editors/emacs?

------- Comment #2 From Ulrich Müller 2007-11-03 15:05:46 0000 -------
Fixed in emacs-22.1-r2. Decreasing severity to B4 since the issue doesn't
affect the default configuration.

Vulnerable versions: <22.1-r2
Unaffected versions: >=22.1-r2, <22

Arch teams: Please stabilise app-editors/emacs-22.1-r2.

------- Comment #3 From Raúl Porcel 2007-11-03 17:33:18 0000 -------
alpha/ia64/stable

------- Comment #4 From Dawid Węgliński 2007-11-03 19:12:32 0000 -------
Stable on x86

------- Comment #5 From Markus Rothe 2007-11-03 22:28:01 0000 -------
ppc64 stable

------- Comment #6 From Tobias Scherbaum 2007-11-05 18:53:36 0000 -------
ppc stable

------- Comment #7 From Mike Doty 2007-11-06 23:14:41 0000 -------
amd64 done (committed by wolf31o2 for me)

------- Comment #8 From Chris Gianelloni (RETIRED) 2007-11-06 23:15:12 0000 -------
You'll probably want to back-port this to the latest SLOT=21 version, too.

------- Comment #9 From Ulrich Müller 2007-11-06 23:58:03 0000 -------
Vulnerable revision emacs-22.1-r1 removed.

(In reply to comment #8)
> You'll probably want to back-port this to the latest SLOT=21 version, too.

Emacs 21 is not affected; the relevant code is new in version 22.

------- Comment #10 From Sune Kloppenborg Jeppesen 2007-11-07 09:41:31 0000 -------
I tend to vote NO.

------- Comment #11 From Robert Buchholz 2007-11-12 21:59:33 0000 -------
Setting to B3 and voting
  YES

This vulnerability, if emacs is configured as described above, allows execution
of arbitrary LISP (not shell) code, therefore can overwrite files writable by
emacs. See last comment on the Debian report in URL.

------- Comment #12 From Pierre-Yves Rofes 2007-11-20 22:13:04 0000 -------
yes too, request filed.

------- Comment #13 From Pierre-Yves Rofes 2007-12-09 19:53:54 0000 -------
GLSA 200712-03
