Bug 773023 (CVE-2012-0035)
Summary: | CVE-2012-0035 emacs: CEDET global-ede-mode file loading vulnerability | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | jonathan.underwood, loganjerry, rvokal, steve.traylen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-06-10 21:39:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 773024, 773025 | ||
Bug Blocks: |
Description
Vincent Danen
2012-01-10 17:23:00 UTC
Created emacs tracking bugs for this issue Affects: fedora-all [bug 773024] Created xemacs tracking bugs for this issue Affects: fedora-all [bug 773025] For RHEL5 and 6 xemacs is within EPEL5 and 6 and this does contain: /usr/share/xemacs/xemacs-packages/lisp/ede so checking if its really not vulnerable. The package is very close to the fedora one so I expect so. Steve. Oh, it most likely would affect xemacs in EPEL then, since it's pretty close to the version in Fedora. Again, with the upstream xemacs bug being private, it's difficult to tell whether or not xemacs is affected at all (I suspect it is, but don't know for sure). I can file an EPEL tracker for xemacs if you like (sorry, I completely missed it). emacs-23.3-8.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. emacs-23.3-9.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. (In reply to Steve Traylen from comment #3) > For RHEL5 and 6 xemacs is within EPEL5 and 6 and this does contain: > > /usr/share/xemacs/xemacs-packages/lisp/ede > > so checking if its really not vulnerable. The package is very close to the > fedora one so I expect so. > > Steve. Hi Steve, Did you find if xemacs in EPEL was vulnerable? From a brief look at EPEL 6 it was missing some of the files the patch changes. Should I test further or you have already done that? Thanks |