CVE-2012-3479
Published: 25 August 2012
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
Notes
Author | Note |
---|---|
jdstrand | per upstream, 23.1 and earlier not affected |
mdeslaur | natty is too close to EoL to be worth difficult backport, ignoring |
Priority
Status
Package | Release | Status |
---|---|---|
emacs-snapshot (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
emacs-snapshot | lucid | Ignored (end of life) |
emacs-snapshot | natty | Ignored (end of life) |
emacs-snapshot | oneiric | Does not exist |
emacs-snapshot | precise | Does not exist |
emacs-snapshot | quantal | Does not exist |
emacs-snapshot | raring | Does not exist |
emacs-snapshot | saucy | Does not exist |
emacs-snapshot | upstream | Needs triage |
emacs21 (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
emacs21 | lucid | Does not exist |
emacs21 | natty | Does not exist |
emacs21 | oneiric | Does not exist |
emacs21 | precise | Does not exist |
emacs21 | quantal | Does not exist |
emacs21 | raring | Does not exist |
emacs21 | saucy | Does not exist |
emacs21 | upstream | Needs triage |
emacs22 (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
emacs22 | lucid | Not vulnerable |
emacs22 | natty | Does not exist |
emacs22 | oneiric | Does not exist |
emacs22 | precise | Does not exist |
emacs22 | quantal | Does not exist |
emacs22 | raring | Does not exist |
emacs22 | saucy | Does not exist |
emacs22 | upstream | Needs triage |
emacs23 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
emacs23 | lucid | Not vulnerable (23.1+1-4ubuntu7.3) |
emacs23 | natty | Ignored |
emacs23 | oneiric | Released (23.3+1-1ubuntu4.1) |
emacs23 | precise | Released (23.3+1-1ubuntu9.1) |
emacs23 | quantal | Released (23.4+1-4ubuntu1) |
emacs23 | raring | Released (23.4+1-4ubuntu1) |
emacs23 | saucy | Released (23.4+1-4ubuntu1) |
emacs23 | upstream | Released (23.4+1-4) |
emacs23 | Patches | vendor: http://www.debian.org/security/2013/dsa-2603 |
emacs24 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
emacs24 | lucid | Does not exist |
emacs24 | natty | Does not exist |
emacs24 | oneiric | Does not exist |
emacs24 | precise | Does not exist |
emacs24 | quantal | Released (24.1+1-2ubuntu3) |
emacs24 | raring | Released (24.1+1-2ubuntu3) |
emacs24 | saucy | Released (24.1+1-2ubuntu3) |
emacs24 | upstream | Released (24.2+1-1) |
emacs24 | Patches | upstream: http://bzr.savannah.gnu.org/lh/emacs/emacs-24/revision/108092 |
xemacs21 (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
xemacs21 | lucid | Not vulnerable |
xemacs21 | natty | Not vulnerable |
xemacs21 | oneiric | Not vulnerable |
xemacs21 | precise | Not vulnerable |
xemacs21 | quantal | Not vulnerable |
xemacs21 | raring | Not vulnerable |
xemacs21 | saucy | Not vulnerable |
xemacs21 | upstream | Needs triage |