emacs22: CVE-2010-0825 movemail vulnerable to symlink attacks due to race condition

Debian Bug report logs - #590301
emacs22: CVE-2010-0825 movemail vulnerable to symlink attacks due to race condition

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: submit@bugs.debian.org

Subject: emacs22: CVE-2010-0825 movemail vulnerable to symlink attacks due to race condition

Date: Sun, 25 Jul 2010 19:58:00 +0200

[Message part 1 (text/plain, inline)]

Package: emacs22
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for emacs22.

CVE-2010-0825[0]:
| lib-src/movemail.c in movemail in emacs 22 and 23 allows local users
| to read, modify, or delete arbitrary mailbox files via a symlink
| attack, related to improper file-permission checks.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0825
    http://security-tracker.debian.org/tracker/CVE-2010-0825

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Message #16 received at 590301-submitter@bugs.debian.org (full text, mbox, reply):

From: "Thomas Preud'homme" <robotux@celest.fr>

To: control@bugs.debian.org

Cc: 590301-submitter@bugs.debian.org

Subject: closing 590301

Date: Fri, 18 May 2012 14:19:39 +0200

close 590301 22.3+1-1
thanks

emacs22 has been removed from Debian. The issue is fixed in emacs23 according
to [1]

[1] http://security-tracker.debian.org/tracker/CVE-2010-0825

Send a report that this bug log contains spam.