Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail. For the stable distribution (woody) these problems have been fixed in version 20.7-13.3. The unstable distribution (sid) does not contain an Emacs20 package anymore. We recommend that you upgrade your emacs packages.
Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.
For the stable distribution (woody) these problems have been fixed in version 20.7-13.3.
The unstable distribution (sid) does not contain an Emacs20 package anymore.
We recommend that you upgrade your emacs packages.
MD5 checksums of the listed files are available in the original advisory.