CVE-2008-3949
Published: 22 September 2008
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
Priority
Status
Package | Release | Status |
---|---|---|
emacs21 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
feisty |
Not vulnerable
(code not present)
|
|
gutsy |
Not vulnerable
(code not present)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(code not present)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Not vulnerable
(code not present)
|
|
emacs22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://launchpadlibrarian.net/17961095/emacs-22.2-python.patch vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499568 |