Package name
emacs
Date
2013-04-08
Advisory ID
MDVSA-2013:076
Affected versions
MBS1 x86_64

Problem description

Updated emacs packages fix security vulnerabilities:

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as
used in GNU Emacs before 23.4 and other products, allows local users
to gain privileges via a crafted Lisp expression in a Project.ede
file in the directory, or a parent directory, of an opened file
(CVE-2012-0035).

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically
executes eval forms in local-variable sections when the
enable-local-variables option is set to :safe, which allows
user-assisted remote attackers to execute arbitrary Emacs Lisp code
via a crafted file (CVE-2012-3479).

Additionally a problem was fixed reading xz compressed files
(mga#7759).

Updated packages

MBS1 x86_64

 9b260e9fa159f6c68e0dee0ed0d7399f  mbs1/x86_64/emacs-23.3-9.1.mbs1.x86_64.rpm
 63eed00b5c89f6de68802b2a5bbcdcf6  mbs1/x86_64/emacs-common-23.3-9.1.mbs1.x86_64.rpm
 3459071134ceb1fc8bbcebb4c312a1f0  mbs1/x86_64/emacs-doc-23.3-9.1.mbs1.x86_64.rpm
 24e110f385b024074ea7f42e08a86c38  mbs1/x86_64/emacs-el-23.3-9.1.mbs1.noarch.rpm
 b35e183582665f3518c2ca9184a7d60a  mbs1/x86_64/emacs-leim-23.3-9.1.mbs1.x86_64.rpm
 524f81af35d86dd3d9fde1d255e6d394  mbs1/x86_64/emacs-nox-23.3-9.1.mbs1.x86_64.rpm 
 b9fd621ceca317114cc18dc60734b05b  mbs1/SRPMS/emacs-23.3-9.1.mbs1.src.rpm

References