CVE-2007-6109
Published: 7 December 2007
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Notes
Author | Note |
---|---|
jdstrand | debian patch had regression. Also see http://bugs.debian.org/456235 per gentoo, xemacs21 21.4.x not affected, but 21.5 is. Verified all releases not affected |
Priority
Status
Package | Release | Status |
---|---|---|
emacs21 | dapper | Released (21.4a-3ubuntu2.2) |
emacs21 | edgy | Ignored (end of life, was needed) |
emacs21 | feisty | Released (21.4a+1-2ubuntu1.2) |
emacs21 | gutsy | Released (21.4a+1-5ubuntu4.1) |
emacs21 | hardy | Released (21.4a+1-5.2) |
emacs21 | upstream | Released (21.4a+1-5.3) |
emacs22 | dapper | Does not exist |
emacs22 | edgy | Does not exist |
emacs22 | feisty | Does not exist |
emacs22 | gutsy | Released (22.1-0ubuntu5.2) |
emacs22 | hardy | Not vulnerable (22.1-0ubuntu8) |
emacs22 | upstream | Released (22.1+1-2.3) |
xemacs21 | dapper | Not vulnerable (21.4.18-1ubuntu1) |
xemacs21 | feisty | Not vulnerable (21.4.19-2) |
xemacs21 | gutsy | Not vulnerable (21.4.20-1.1) |
xemacs21 | hardy | Not vulnerable (21.4.21-1ubuntu3) |
xemacs21 | upstream | Needs triage |

Patches (emacs22): vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455432