Summary: | <app-editors/emacs-23.3-r4 : security flaw in EDE, local execution of arbitrary code (CVE-2012-0035) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ulrich Müller <ulm> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | emacs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Ulrich Müller
2012-01-09 11:54:37 UTC
Upstream commit is here: <http://bzr.savannah.gnu.org/lh/emacs/emacs-23/revision/100631> CCing arch teams, please stabilise app-editors/emacs-23.3-r4. According to Tim, is B amd64 stable Hm, the summary isn't quite accurate. Please note that versions <23.2 don't support CEDET and are therefore not affected by the bug. Here's a complete list of vulnerable versions: app-editors/emacs: PVR <= 23.1-r3 unaffected 23.2 <= PVR <= 23.3-r3 vulnerable 23.4-r4 <= PVR unaffected app-editors/emacs-vcs (live ebuilds omitted): PVR <= 23.0.96 unaffected 23.1.90 <= PVR <= 23.2.94 vulnerable 23.3.90 <= PVR < 24 unaffected 24.0.50_pre20110116 <= PVR <= 24.0.92 vulnerable 24.0.92-r1 <= PVR unaffected (In reply to comment #4) > 23.4-r4 <= PVR unaffected That should be 23.3-r4, of course. Sorry for the bugspam. ppc/ppc64 done What a mess! So this is the target, right?: =app-editors/emacs-23.3-r4 (In reply to comment #7) > What a mess! So this is the target, right?: > =app-editors/emacs-23.3-r4 Right (see comment 1). emacs-vcs has no stable versions. x86 done. Thanks alpha/arm/ia64/s390/sh/sparc stable Stable for HPPA. Stable on all architectures. Vulnerable revision (emacs-23.2-r2) removed. filed new request CVE-2012-0035 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0035): Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. This issue was resolved and addressed in GLSA 201403-05 at http://security.gentoo.org/glsa/glsa-201403-05.xml by GLSA coordinator Sergey Popov (pinkbyte). |