[Secure-testing-team] [Secure-testing-commits] r7571 - data/CVE

Nico Golde debian-secure-testing+ml at ngolde.de
Mon Dec 24 22:13:31 UTC 2007

Hi Florian,
* Florian Weimer <fw at deneb.enyo.de> [2007-12-24 22:03]:
> >  CVE-2007-6109 (Buffer overflow in emacs allows attackers to have an unknown impact, ...)
> > -	TODO: check
> > -	NOTE: poked Marcus from Novell for the patch
> > +	- emacs22 <unfixed> (bug #455432)
> > +	- emacs21 <unfixed> (bug #455433)
> > +	- xemacs21 <not-affected> (Vulnerable code not present)
> I'm sorry to report that xemacs21 is affected as well.  The affected
> code is in src/doprnt.c:
> I haven't compared it to the emacs21/emacs22 code, I don't know if the
> same patch applies.

Thanks very much for finding that. I did not see it when 
checking the xemacs code because the code is located 
somewhere else and the code itself is also different. This 
also means that we have to write our own patch or do you 
have one?

How did you spot that?
Kind regards and thanks
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20071224/4b81c582/attachment.pgp 

More information about the Secure-testing-team mailing list