[Secure-testing-team] [Secure-testing-commits] r7571 - data/CVE
debian-secure-testing+ml at ngolde.de
Mon Dec 24 22:13:31 UTC 2007
* Florian Weimer <fw at deneb.enyo.de> [2007-12-24 22:03]:
> > CVE-2007-6109 (Buffer overflow in emacs allows attackers to have an unknown impact, ...)
> > - TODO: check
> > - NOTE: poked Marcus from Novell for the patch
> > + - emacs22 <unfixed> (bug #455432)
> > + - emacs21 <unfixed> (bug #455433)
> > + - xemacs21 <not-affected> (Vulnerable code not present)
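Review bot: the last added line marks xemacs21 as <not-affected> with the reason "Vulnerable code not present", which only holds if the check covered xemacs's own source layout and not just the file locations relevant to emacs21/emacs22. The reply in this thread places the affected code in src/doprnt.c, so this line should become <unfixed> with its own bug number, in the same form as the emacs22 and emacs21 entries above it.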
> I'm sorry to report that xemacs21 is affected as well. The affected
> code is in src/doprnt.c:
> I haven't compared it to the emacs21/emacs22 code, I don't know if the
> same patch applies.
Thanks very much for finding that. I did not see it when
checking the xemacs code because the code is located
somewhere else and the code itself is also different. This
also means that we have to write our own patch or do you
How did you spot that?
Kind regards and thanks
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.