(RHSA-2004:344) semi security update

ID RHSA-2004:344
Type redhat
Reporter RedHat
Modified 2018-03-14T19:27:19


The semi package includes a MIME library for GNU Emacs and XEmacs used by the wl mail package.

Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library for working with Internet messages included in the semi package. Temporary files were being created without taking adequate precautions, and therefore a local user could potentially overwrite files with the privileges of the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0422 to this issue.

Users of semi are advised to upgrade to these packages, which contain a backported patch fixing this issue.