Hi Florian,

* Florian Weimer <[EMAIL PROTECTED]> [2007-12-24 22:03]:
> > CVE-2007-6109 (Buffer overflow in emacs allows attackers to have an
> > unknown impact, ...)
> > - TODO: check
> > - NOTE: poked Marcus from Novell for the patch
> > + - emacs22 <unfixed> (bug #455432)
> > + - emacs21 <unfixed> (bug #455433)
> > + - xemacs21 <not-affected> (Vulnerable code not present)
>
> I'm sorry to report that xemacs21 is affected as well. The affected
> code is in src/doprnt.c: [...]
> I haven't compared it to the emacs21/emacs22 code, I don't know if the
> same patch applies.

Thanks very much for finding that. I did not see it when checking the
xemacs code because the code is located somewhere else and the code
itself is also different. This also means that we have to write our own
patch or do you have one? How did you spot that?

Kind regards and thanks
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

