[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs21 (Ubuntu Intrepid) Status: New = Fix Released ** Changed in: emacs21 (Ubuntu Hardy) Status: New = Fix Released -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
This bug was fixed in the package emacs22 - 22.2-0ubuntu2 --- emacs22 (22.2-0ubuntu2) intrepid; urgency=low * SECURITY UPDATE: temporary file race condition in vcdiff (LP: #174177) * debian/patches/fix-vcdiff-tmp-race.diff: update lib-src/vcdiff to use mktemp * References CVE-2008-1694 -- Jamie Strandboge [EMAIL PROTECTED] Thu, 04 Sep 2008 09:27:58 -0500 ** Changed in: emacs22 (Ubuntu Intrepid) Status: In Progress = Fix Released -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
Intrepid is still vulnerable to CVE-2008-1694. ** Changed in: emacs22 (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = Fix Released ** Changed in: emacs22 (Ubuntu Intrepid) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: Fix Released = In Progress -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
http://www.ubuntu.com/usn/usn-607-1 ** Changed in: emacs21 (Ubuntu Dapper) Status: Fix Committed = Fix Released -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
This bug was fixed in the package emacs22 - 22.1-0ubuntu5.2 --- emacs22 (22.1-0ubuntu5.2) gutsy-security; urgency=low * SECURITY UPDATE: buffer overflow in format function * debian/patches/fix-format-overflow.diff: fix src/editfns.c to account for precision in integer formatting (LP: #174177) * SECURITY UPDATE: temporary file race condition in vcdiff * debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use mktemp * References CVE-2007-6109 CVE-2008-1694 -- Jamie Strandboge [EMAIL PROTECTED] Thu, 01 May 2008 10:58:07 -0400 ** Changed in: emacs22 (Ubuntu Gutsy) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1694 ** Changed in: emacs21 (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
This bug was fixed in the package emacs21 - 21.4a+1-2ubuntu1.2 --- emacs21 (21.4a+1-2ubuntu1.2) feisty-security; urgency=low * SECURITY UPDATE: buffer overflow in format function * debian/patches/fix-format-overflow.diff: fix src/editfns.c to account for precision in integer formatting (LP: #174177) * SECURITY UPDATE: temporary file race condition in vcdiff * debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use mktemp * References CVE-2007-6109 CVE-2008-1694 -- Jamie Strandboge [EMAIL PROTECTED] Thu, 01 May 2008 17:10:27 -0400 -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
This bug was fixed in the package emacs21 - 21.4a+1-5ubuntu4.1 --- emacs21 (21.4a+1-5ubuntu4.1) gutsy-security; urgency=low * SECURITY UPDATE: buffer overflow in format function * debian/patches/fix-format-overflow.diff: fix src/editfns.c to account for precision in integer formatting (LP: #174177) * SECURITY UPDATE: temporary file race condition in vcdiff * debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use mktemp * References CVE-2007-6109 CVE-2008-1694 -- Jamie Strandboge [EMAIL PROTECTED] Thu, 01 May 2008 11:12:04 -0400 ** Changed in: emacs21 (Ubuntu Feisty) Status: Fix Committed = Fix Released -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Also affects: emacs21 (Ubuntu) Importance: Undecided Status: New -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs22 (Ubuntu Dapper) Status: New = Invalid -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs22 (Ubuntu Gutsy) Status: New = Won't Fix -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs22 (Ubuntu Feisty) Status: New = Invalid -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs22 (Ubuntu Gutsy) Status: Won't Fix = New -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs22 (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: emacs21 (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: emacs21 (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: emacs21 (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs21 (Ubuntu Dapper) Status: In Progress = Fix Committed ** Changed in: emacs21 (Ubuntu Feisty) Status: In Progress = Fix Committed ** Changed in: emacs21 (Ubuntu Gutsy) Status: In Progress = Fix Committed ** Changed in: emacs22 (Ubuntu Gutsy) Status: In Progress = Fix Committed -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
Have there been any updates for the stable releases? -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
It looks like there was a regression introduced by the initial Debian patch. See http://bugs.debian.org/456235 for the fix. -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Changed in: emacs22 (Debian) Status: Unknown = Fix Released -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
** Bug watch added: Debian Bug tracker #455432 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455432 ** Also affects: emacs22 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455432 Importance: Unknown Status: Unknown -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
Thanks for the report, hk47, and thanks for the link, Reinhard. I'll prepare a fixed version later today. -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
emacs22 (22.1-0ubuntu8) hardy; urgency=low * Security fix: patches/CVE-2007-6109.diff. Patch from upstream Romain Francoise! (LP: #174177) -- Reinhard Tartler [EMAIL PROTECTED] Fri, 14 Dec 2007 15:47:26 +0100 ** Changed in: emacs22 (Ubuntu) Status: New = Fix Released -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
Sorry, I'm just cross-checking security advisories / announcements from various major GNU/Linux distributions and some other sources in my scarcely available free time and report possibly affected Ubuntu packages in Launchpad, hoping that the report gets into the right hands. For now, a quick googling for CVE-2007-6109 emacs nets no helpful results that could be more specific regarding this vulnerability. -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 174177] Re: [emacs] [CVE-2007-6109] buffer overflow
Can you point me to a place where I can find the patch for this vulnerability? I downloaded emacs-22.1-40.7.src.rpm from OpenSuSE, but couldn't find the patch that fixes this. Also, how certain is it that this effects emacs22? I noticed a couple of emacs security downloads from Novell dated at Nov. 28-29, but they were all for emacs-21. -- [emacs] [CVE-2007-6109] buffer overflow https://bugs.launchpad.net/bugs/174177 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs