Your message dated Tue, 06 May 2014 22:38:07 -0500 with message-id
<[email protected]> has caused the report #747100,
regarding emacs23: Insecure use of temporary files in included lisp
libraries/packages to be marked as having been forwarded to the upstream
software author(s) [email protected]

(NB: If you are a system administrator and have no idea what this message
is talking about, this may indicate a serious mail system misconfiguration
somewhere. Please contact [email protected] immediately.)

--
747100: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
[If possible, please preserve the 747100-forwarded address in any replies.]

The following bug was recently filed against the emacs23 package, and
after some preliminary research, it appears that the security issues
mentioned may still apply to 24.3. (Though it looks like the relevant
tramp file may now be tramp-sh.el.)

Steve Kemp <[email protected]> writes:

> Package: emacs23
> Version: 23.4+1-4
> Severity: important
>
> There are several tempfile vulnerabilities present in the Emacs Lisp
> bundled and distributed with the emacs23 package.
>
> Here are four brief pointers to unsafe code:
>
> lisp/gnus/gnus-fun.el:
> In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is
> used, blindly allowing the existing file to be truncated, and symlinks
> followed.
>
> lisp/emacs-lisp/find-gc.el:
> In the function `trace-call-tree` there are some horrific invocations
> of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc".
>
> lisp/net/browse-url.el
> In the function `browse-url-mosaic` the file "/tmp/Mosaic.$PID" is blindly
> overwritten. Suspect this whole function is obsolete though :)
>
> lisp/net/tramp.el
> The function `tramp-uudecode`, a fallback if a real uudecoding binary
> is not present, blindly uses "/tmp/tramp.$PID", truncating and removing
> the file.
>
>
> I suspect that each should receive a CVE identifier.

--
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
--- End Message ---
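To make the pattern the report points at concrete, here is an added example (not code from Emacs or from the bug report): a `gnus-grab-cam-face`-style helper that round-trips data through a fixed path in /tmp, beside the same helper written with `make-temp-file`, the Emacs primitive for creating a private temporary file. The function names and the CONVERTER argument are assumptions made for this illustration.

```elisp
;; Added illustrative example, not code from Emacs or from the bug report.
;; Both functions hand DATA to an external CONVERTER through a temporary
;; file and return the converter's output; only the second is safe.
;; `example-convert-insecure', `example-convert-secure' and CONVERTER are
;; assumed names chosen for this illustration.

;; INSECURE: a fixed, predictable name in the world-writable /tmp, as in
;; the `gnus-grab-cam-face' report.  Whatever already sits at that path,
;; including a symlink planted by another local user, is truncated and
;; overwritten, and the final `delete-file' removes it unconditionally.
(defun example-convert-insecure (data converter)
  "Write DATA to /tmp/gnus.face.ppm, run CONVERTER on it, return the output."
  (let ((tmpfile "/tmp/gnus.face.ppm"))
    (with-temp-file tmpfile          ; truncates the target, follows symlinks
      (insert data))
    (with-temp-buffer
      (call-process converter nil t nil tmpfile)
      (delete-file tmpfile)          ; not reached if CONVERTER signals an error
      (buffer-string))))

;; SAFER: let Emacs create the file.  `make-temp-file' picks an
;; unpredictable name under `temporary-file-directory' and creates the
;; file itself with restrictive permissions, so there is no window in
;; which someone else can pre-create the path or point it elsewhere.
(defun example-convert-secure (data converter)
  "Like `example-convert-insecure', but with a private temporary file."
  (let ((tmpfile (make-temp-file "gnus-face-" nil ".ppm")))
    (unwind-protect
        (progn
          (with-temp-file tmpfile
            (insert data))
          (with-temp-buffer
            (call-process converter nil t nil tmpfile)
            (buffer-string)))
      ;; Cleanup runs on every exit path, including errors and C-g.
      (when (file-exists-p tmpfile)
        (delete-file tmpfile)))))
```

With CONVERTER set to "cat", both functions return DATA unchanged; the only difference is which file on disk gets truncated and written, which is exactly what the report is about.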

