Date: Mon, 09 Jan 2012 22:37:53 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Chong Yidong <cyd@....org>, deng@...domsample.de, ulm@...too.org,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: Re: CVE Request: CEDET/Emacs global-ede-mode file
 loading vulnerability

On 01/09/2012 08:54 PM, Chong Yidong wrote:
> Kurt Seifried <kseifried@...hat.com> writes:
>
>> I'll assign this a CVE once I have determined the code base status (are
>> these considered the same codebase, or have they forked enough to be
>> considered separate code bases?). Also I need to ensure this hasn't
>> already been assigned a CVE. CC'ing relevant developers as well.
> No, this hasn't already been assigned a CVE.  The upstream CEDET 1.0 is
> largely the same codebase as the CEDET distributed in Emacs.  The
> version in Emacs omits some CEDET components, and added some plumbing to
> integrate CEDET into the Emacs build system.  But the main part of the
> Emacs Lisp code, including the part affected by this flaw, is the same.
>
> David, could you write up a version of the fix that applies to the CEDET
> 1.0 tarball?  I think distributors who package CEDET will want it.
Please use CVE-2012-0035 for this issue (for both Emacs and CEDET).

-- 

-- Kurt Seifried / Red Hat Security Response Team
