CVE-2007-5795
Published: 2 November 2007
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
Priority
Status
Package | Release | Status |
---|---|---|
emacs21 Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
dapper |
Not vulnerable
|
|
edgy |
Not vulnerable
|
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
emacs22 Launchpad, Ubuntu, Debian |
upstream |
Released
(22.1+1-2.1)
|
dapper |
Does not exist
|
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(22.1-0ubuntu5.1)
|