"Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user. The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1."
Fixed in emacs-23.4-r4 and emacs-24.1-r1. Package: app-editors/emacs Vulnerable versions: < 24.1-r1 Unaffected versions: >= 24.1-r1, revision >= 23.4-r4, < 23.2 Architecture(s): All supported architectures Arch teams, please stabilise: emacs-23.4-r4: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 emacs-24.1-r1: amd64 arm hppa ppc64 x86
CVE-2012-3479
Arch teams, please test and mark stable: =app-editors/emacs-23.4-r4 Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 =app-editors/emacs-24.1-r1 Stable KEYWORDS : amd64 arm hppa ppc64 x86
amd64 stable
Stable for HPPA.
x86 stable
arm stable
alpha/ia64/s390/sh/sparc stable
CVE-2012-3479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3479): lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
ppc64 stable
ppc: ping
(In reply to comment #11) > ppc: ping pong! stable ppc, closing
Stable on all supported arches, vulnerable versions removed from tree.
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201403-05 at http://security.gentoo.org/glsa/glsa-201403-05.xml by GLSA coordinator Sergey Popov (pinkbyte).
