CVE-2007-6109

Published: 7 December 2007

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.

Notes

Author: jdstrand
Note: Debian patch had regression. Also see http://bugs.debian.org/456235
per Gentoo, xemacs21 21.4.x not affected, but 21.5 is. Verified all
releases not affected

Priority

Medium

Status

Package    Release    Status

emacs21 (Launchpad, Ubuntu, Debian)
           dapper     Released (21.4a-3ubuntu2.2)
           edgy       Ignored (end of life, was needed)
           feisty     Released (21.4a+1-2ubuntu1.2)
           gutsy      Released (21.4a+1-5ubuntu4.1)
           hardy      Released (21.4a+1-5.2)
           upstream   Released (21.4a+1-5.3)

emacs22 (Launchpad, Ubuntu, Debian)
           dapper     Does not exist
           edgy       Does not exist
           feisty     Does not exist
           gutsy      Released (22.1-0ubuntu5.2)
           hardy      Not vulnerable (22.1-0ubuntu8)
           upstream   Released (22.1+1-2.3)
           Patches:
           vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455432

xemacs21 (Launchpad, Ubuntu, Debian)
           dapper     Not vulnerable (21.4.18-1ubuntu1)
           feisty     Not vulnerable (21.4.19-2)
           gutsy      Not vulnerable (21.4.20-1.1)
           hardy      Not vulnerable (21.4.21-1ubuntu3)
           upstream   Needs triage