Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5795 to the following vulnerability: The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008
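A defender-side check for the kind of file this CVE describes, as an added example that is not part of this bug report or of Emacs: it parses the trailing Local Variables block of a file and lists the declarations that fall outside an allowlist, so they can be reviewed before the file is opened. The allowlist, the sample file and the function names are constructed for illustration, and the first-line `-*-` form of file variables is not handled.

```python
MARK = "local variables:"
TAIL_CHARS = 3000  # Emacs looks for the block near the end of the file

# Assumption: variables this audit treats as harmless (constructed list;
# Emacs itself decides safety per variable and per value).
ALLOWED = {"mode", "coding", "fill-column", "indent-tabs-mode", "tab-width"}


def local_variables(text):
    """Return [(name, value)] from the last 'Local Variables:' block."""
    lines = text[-TAIL_CHARS:].splitlines()
    idx = max((i for i, l in enumerate(lines) if MARK in l.lower()), default=None)
    if idx is None:
        return []
    head = lines[idx]
    pos = head.lower().index(MARK)
    # Text around the marker is the comment prefix/suffix every line must carry.
    prefix, suffix = head[:pos].strip(), head[pos + len(MARK):].strip()
    found = []
    for line in lines[idx + 1:]:
        s = line.strip()
        if not s.startswith(prefix):
            break  # malformed block: stop rather than guess
        s = s[len(prefix):]
        if suffix and s.endswith(suffix):
            s = s[:-len(suffix)]
        s = s.strip()
        if s.lower() == "end:":
            break
        name, sep, value = s.partition(":")
        if sep:
            found.append((name.strip(), value.strip()))
    return found


def audit(text, allowed=ALLOWED):
    """Return declarations that need review (anything not allowlisted)."""
    return [(n, v) for n, v in local_variables(text) if n.lower() not in allowed]


# Constructed sample file contents.
SAMPLE = """notes for the build
;; Local Variables:
;; fill-column: 72
;; compile-command: "make -k"
;; eval: (message "hello")
;; End:
"""

if __name__ == "__main__":
    for name, value in audit(SAMPLE):
        print(f"review before opening: {name} = {value}")
```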
emacs-22.1-8.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update emacs'
This issue only affected emacs as of version 22. This issue did not affect versions of emacs packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Updates for Fedora 7 and Fedora 8 were built and will be pushed to the stable repository shortly.
emacs-22.1-5.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update emacs'
emacs-22.1-8.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
emacs-22.1-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.