CVE-2007-5795

Currently unrated

Key Information:

Vendor: Gnu
Status: Emacs
Vendor: CVE Published:; 2 November 2007

Summary

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008

x_refsource_CONFIRM

http://secunia.com/advisories/27984

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 2, 2007
Vulnerability Reserved
Nov 2, 2007