The hack-local-variables function in Emacs before 22.2, when
enable-local-variables is set to :safe, does not properly search lists of
unsafe or risky variables, which might allow user-assisted attackers to
bypass intended restrictions and modify critical program variables via a file
containing a Local variables declaration.
Emacs, please advise.
Is any of our ebuilds affected, or maybe other packages than app-editors/emacs?
Fixed in emacs-22.1-r2. Decreasing severity to B4 since the issue doesn't affect the default configuration.
Vulnerable versions: <22.1-r2
Unaffected versions: >=22.1-r2, <22
Arch teams: Please stabilise app-editors/emacs-22.1-r2.
Stable on x86
amd64 done(committed by wolf31o2 for me)
You'll probably want to back-port this to the latest SLOT=21 version, too.
Vulnerable revision emacs-22.1-r1 removed.
(In reply to comment #8)
> You'll probably want to back-port this to the latest SLOT=21 version, too.
Emacs 21 is not affected; the relevant code is new in version 22.
I tend to vote NO.
Setting to B3 and voting
This vulnerability, if emacs is configured as described above, allows execution of arbitrary LISP (not shell) code, therefore can overwrite files writable by emacs. See last comment on the Debian report in URL.
yes too, request filed.