Bug 152765 - CAN-2004-0422 semi contains flim vulnerability
Status: CLOSED DUPLICATE
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
 
Reported: 2004-08-23 13:57 EDT by Marc Deslauriers
Modified: 2008-05-01 11:38 EDT

Description David Lawrence 2005-03-30 18:26:40 EST
The semi package includes a MIME library for GNU Emacs and XEmacs used by
the wl mail package.

Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library
for working with Internet messages included in the semi package. Temporary
files were being created without taking adequate precautions, and therefore
a local user could potentially overwrite files with the privileges of the
user running emacs.

https://rhn.redhat.com/errata/RHSA-2004-344.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0422
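
The weakness class described above, as an added Python illustration that is not code from flim, semi, or the errata: it contrasts writing to a predictable temporary name with exclusive creation and `mkstemp`. The file names, the sandbox layout, and the premise that the chosen name is already occupied by a link are assumptions constructed for the demonstration; the report does not describe flim's actual code path.

```python
import os
import tempfile

def write_predictable(path, data):
    # Weak: open() without O_EXCL follows a link already sitting at `path`.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # Hardened: O_CREAT|O_EXCL fails if the name exists, symlinks included.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_mkstemp(directory, data):
    # Preferred: unpredictable name, created exclusively, owner-only mode.
    fd, path = tempfile.mkstemp(prefix="mime-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read_text(path):
    with open(path) as fh:
        return fh.read()

def demo():
    """Exercise the three writers inside a throwaway sandbox directory."""
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "shared-tmp")     # stands in for /tmp
        os.mkdir(shared)
        target = os.path.join(sandbox, "users-file")     # constructed user file
        guess = os.path.join(shared, "mime-decode.tmp")  # constructed fixed name
        os.symlink(target, guess)    # the name is already taken before the write
        write_predictable(target, "original\n")
        write_predictable(guess, "decoded body\n")
        clobbered = read_text(target) != "original\n"    # write went through the link
        write_predictable(target, "original\n")          # restore for the next case
        try:
            write_exclusive(guess, "decoded body\n")
            refused = False
        except FileExistsError:
            refused = True
        intact = read_text(target) == "original\n"
        path = write_mkstemp(shared, "decoded body\n")
        others = os.stat(path).st_mode & 0o077           # group/other permission bits
        return dict(clobbered=clobbered, refused=refused, intact=intact, other_bits=others)

if __name__ == "__main__":
    print(demo())
```
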



------- Additional Comments From dwb7@ccmr.cornell.edu 2004-08-30 08:47:02 ----

It would appear that under AS2.1, flim and semi are part of the same package,
denoted semi, whereas on RH7.3 semi and flim are two separate RPMs. This
vulnerability is fixed for 7.3 in:
flim-1.14.4-4.7x.legacy



------- Additional Comments From marcdeslauriers@videotron.ca 2004-08-30 14:00:09 ----

You're right.

*** This bug has been marked as a duplicate of 1581 ***



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:26 -------

This bug previously known as bug 2004 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2004
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

