CVE-2008-3949
Published: 22 September 2008
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
emacs21 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
| feisty |
Not vulnerable
(code not present)
|
|
| gutsy |
Not vulnerable
(code not present)
|
|
| hardy |
Not vulnerable
(code not present)
|
|
| intrepid |
Not vulnerable
(code not present)
|
|
| jaunty |
Not vulnerable
(code not present)
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| upstream |
Not vulnerable
(code not present)
|
|
|
emacs22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needed)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: http://launchpadlibrarian.net/17961095/emacs-22.2-python.patch vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499568 |
||