
Re: [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution



joey@infodrom.org (Martin Schulze) wrote:

> Package        : xemacs21
[...]
> Max Vozeler discovered several format string vulnerabilities in the
> movemail utility of Emacs, the well-known editor.  Via connecting to a
> malicious POP server an attacker can execute arbitrary code under the
> privileges of group mail.
>
> For the stable distribution (woody) these problems have been fixed in
> version 21.4.6-8woody2.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 21.4.16-2.
>
> We recommend that you upgrade your emacs packages.

I find the text of this advisory really confusing - the subject and
Package line talk about xemacs21, the description about "Emacs, the
well-known editor" and "your emacs packages". If it isn't sufficiently
confusing to make xemacs users believe that only GNU Emacs is affected,
at least it makes GNU Emacs (emacs21) users wonder whether their editor
is affected, too.

Regards, Frank

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer


