| Summary: | app-editors/emacs < 22.2-r3 Interactive Python Session loads module from PWD (CVE-2008-3949) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | emacs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 220535 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Robert Buchholz (RETIRED)
2008-09-02 20:50:53 UTC
Created attachment 164408 [details, diff]
emacs-python-nopwd.patch
*** Bug 236508 has been marked as a duplicate of this bug. ***

Arch Security Liaisons, please test and mark stable:
=app-editors/emacs-22.2-r3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

CC'ing current Liaisons:
alpha : yoswink, armin76
amd64 : keytoaster, tester
hppa : jer
ppc : dertobi123
ppc64 : corsair
sparc : fmccor
x86 : maekke, armin76

app-editors/emacs <22 and app-editors/emacs-cvs are not affected.

amd64 stable

ppc64 stable

Stable for HPPA.

alpha/ia64/sparc/x86 stable

The vulnerability has been announced at <http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html>, so can you please open this bug now?

(In reply to comment #9)
> The vulnerability has been announced at
> <http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html>, so can
> you please open this bug now?
>

done, removing sec liaison and CC'ing remaining arches.

(In reply to comment #10)
> (In reply to comment #9)
> > The vulnerability has been announced at
> > <http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html>, so can
> > you please open this bug now?
> >
> done, removing sec liaison and CC'ing remaining arches.

This bug can be safely closed after a possible GLSA as we handle further stabilisations in bug 220535

(In reply to comment #11)
> (In reply to comment #10)
> > (In reply to comment #9)
> > > The vulnerability has been announced at
> > > <http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html>, so can
> > > you please open this bug now?
> > >
> > done, removing sec liaison and CC'ing remaining arches.
>
> This bug can be safely closed after a possible GLSA as we handle further
> stabilisations in bug 220535
>

ok, thanks for the info.

ppc stable

All supported archs stable.

Vulnerable versions: <22.2-r3
Unaffected: >=22.2-r3, <22

arm/s390/sh stable, thanks vapier and armin76.

Security, can we assist you in any way bringing out the GLSA? Maybe by reviewing it.

GLSA 200902-06, sorry for the delay.