CVE-2008-1694

Publication date 22 April 2008

Last updated 24 July 2024

Ubuntu priority

Why this priority?

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
emacs21	9.10 karmic	Not in release
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 21.4a+1-5.3ubuntu1.1
	7.10 gutsy	Fixed 21.4a+1-5ubuntu4.1
	7.04 feisty	Fixed 21.4a+1-2ubuntu1.2
	6.06 LTS dapper	Fixed 21.4a-3ubuntu2.2
emacs22	9.10 karmic	Fixed 22.2-0ubuntu2
	9.04 jaunty	Fixed 22.2-0ubuntu2
	8.10 intrepid	Fixed 22.2-0ubuntu2
	8.04 LTS hardy	Fixed 22.1-0ubuntu10.1
	7.10 gutsy	Fixed 22.1-0ubuntu5.2
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
xemacs21	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 21.4.21-1ubuntu3.1
	7.10 gutsy	Fixed 21.4.20-1.1ubuntu0.1
	7.04 feisty	Fixed 21.4.19-2ubuntu0.1
	6.06 LTS dapper	Fixed 21.4.18-1ubuntu1.1

References

Related Ubuntu Security Notices (USN)

USN-607-1
Emacs vulnerabilities
6 May 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1694