PublicDate: 2007-12-07 11:46:00 UTC
Candidate: CVE-2007-6109
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109
 https://ubuntu.com/security/notices/USN-607-1
Description:
 Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Ubuntu-Description:
Notes:
 jdstrand> debian patch had regression. Also see http://bugs.debian.org/456235
 jdstrand> per gentoo, xemacs21 21.4.x not affected, but 21.5 is. Verified all releases not affected
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/emacs22/+bug/174177
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS:

Patches_emacs22:
 vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455432
upstream_emacs22: released (22.1+1-2.3)
dapper_emacs22: DNE
edgy_emacs22: DNE
feisty_emacs22: DNE
gutsy_emacs22: released (22.1-0ubuntu5.2)
hardy_emacs22: not-affected (22.1-0ubuntu8)
devel_emacs22: not-affected (22.1-0ubuntu8)

upstream_emacs21: released (21.4a+1-5.3)
dapper_emacs21: released (21.4a-3ubuntu2.2)
edgy_emacs21: needed (reached end-of-life)
feisty_emacs21: released (21.4a+1-2ubuntu1.2)
gutsy_emacs21: released (21.4a+1-5ubuntu4.1)
hardy_emacs21: released (21.4a+1-5.2)
devel_emacs21: released (21.4a+1-5.2)

upstream_xemacs21: needs-triage
dapper_xemacs21: not-affected (21.4.18-1ubuntu1)
feisty_xemacs21: not-affected (21.4.19-2)
gutsy_xemacs21: not-affected (21.4.20-1.1)
hardy_xemacs21: not-affected (21.4.21-1ubuntu3)
devel_xemacs21: not-affected (21.4.21-1ubuntu3)