Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 May 2014 09:48:44 +0100
From: Steve Kemp <>
Subject: CVE Request - Predictable temporary filenames in GNU Emacs

  I reported these bugs on the Debian tracker on Monday:

  In brief some of the bundled Emacs Lisp uses predictable
 /tmpfile names insecurely:

   In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is
  used, blindly allowing the existing file to be truncated, and symlinks

   In the function `trace-call-tree` there are some horrific invocations
  of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc".

   The function `tramp-uudecode`, a fallback if a real uudecoding binary
  is not present, blindly uses "/tmp/tramp.$PID", truncating and removing
  the file.

   All these have been fixed now, and the GNU bug report contains
 links to the commits that are appropriate:


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.