openSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)

This update fixes the following issues for emacs, emacs-w3, gnuplot and ddskk: emacs : - Add fix for bnc775993 which disable arbitrary lisp code execution when 'enable-local-variables' is set to ':safe' CVE-2012-3479 - Add fix for bnc780653 to allow emacs to parse tar archives with PAX extended...

GNU Emacs: Multiple vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs: When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory CVE-2012-0035. When...

Debian DSA-2603-1 : emacs23 - programming error

Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to 'safe'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2603. The...

[SECURITY] [DSA 2603-1] emacs23 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2603-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 09, 2013 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2603-1 (emacs23 - programming error)

Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to safe . OpenVAS Vulnerability Test $Id: deb2603.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2603-1 using nvtgen 1.0 Script version: 1.0 Author:...

Ubuntu: Security Advisory (USN-1586-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 11.10 / 12.04 LTS : emacs23 vulnerabilities (USN-1586-1)

Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. CVE-2012-0035 Paul Ling discovered that Emacs incorrectly handled...

Slackware: Security Advisory (SSA:2012-228-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware Advisory SSA:2012-228-02 emacs

The remote host is missing an update as announced via advisory SSA:2012-228-02. OpenVAS Vulnerability Test $Id: esoftslkssa201222802.nasl 6581 2017-07-06 13:58:51Z cfischer $ Description: Auto-generated from advisory SSA:2012-228-02 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

FreeBSD Ports: emacs

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: emacs

The remote host is missing an update to the system as announced in the referenced advisory. VID c1e5f35e-f93d-11e1-b07f-00235a5f2c9a OpenVAS Vulnerability Test $ Description: Auto generated from VID c1e5f35e-f93d-11e1-b07f-00235a5f2c9a Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Fedora Update for emacs FEDORA-2012-11876

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2012-3479

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file...

CVE-2012-3479

CVE-2012-3479 affects GNU Emacs up to version 24.1, where lisp/files.el can trigger eval forms in local-variable sections when enable-local-variables is set to :safe. This permits a remote attacker-curated file to execute arbitrary Emacs Lisp code. Multiple advisories and NASL/Gentoo/OpenVAS entr...

CVE-2012-3479

Removed by vendor...

CVE-2012-3479

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file...

Fedora 17 : emacs-24.1-4.fc17 (2012-11876)

CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean a...

Fedora 16 : emacs-23.3-10.fc16 (2012-11872)

CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean a...

[slackware-security] emacs (SSA:2012-228-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security emacs SSA:2012-228-02 New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...

[slackware-security] emacs

New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/emacs-23.3-i486-2slack13.37.txz: Rebuilt. Patched to fix a security flaw in the file-local variables code. When the Emacs use...