[Secure-testing-team] [Secure-testing-commits] r7571 - data/CVE

Nico Golde debian-secure-testing+ml at ngolde.de
Mon Dec 24 22:13:31 UTC 2007


Hi Florian,
* Florian Weimer <fw at deneb.enyo.de> [2007-12-24 22:03]:
> >  CVE-2007-6109 (Buffer overflow in emacs allows attackers to have an unknown impact, ...)
> > -	TODO: check
> > -	NOTE: poked Marcus from Novell for the patch
> > +	- emacs22 <unfixed> (bug #455432)
> > +	- emacs21 <unfixed> (bug #455433)
> > +	- xemacs21 <not-affected> (Vulnerable code not present)
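
Review bot: the last added line marks xemacs21 `<not-affected>` with only "Vulnerable code not present" as justification, which does not record what was actually checked; I would leave xemacs21 as `TODO: check`, or add a NOTE naming the source files that were compared, until the absence is confirmed. The hunk also drops the NOTE about the patch request to Novell while both emacs22 and emacs21 remain `<unfixed>`, so the patch status is lost; consider keeping that NOTE until a fix is available.
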
> 
> I'm sorry to report that xemacs21 is affected as well.  The affected
> code is in src/doprnt.c:
[...] 
> I haven't compared it to the emacs21/emacs22 code, I don't know if the
> same patch applies.

Thanks very much for finding that. I did not see it when 
checking the xemacs code because the code is located 
somewhere else and the code itself is also different. This 
also means that we have to write our own patch, or do you 
have one?

How did you spot that?
Kind regards and thanks
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.