Date: Wed, 11 Jan 2012 18:32:22 +0100
From: David Engster <>
To: Chong Yidong <>
Cc: Kurt Seifried <>, "Steven M. Christey" <>, "Eric M. Ludlam" <>
Subject: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability

Chong Yidong writes:
> Kurt Seifried <> writes:
>> I'll assign this a CVE once I have determined the code base status (are
>> these considered the same codebase, or have they forked enough to be
>> considered separate code bases?) Also I need to ensure this hasn't
>> already been assigned a CVE. CC'ing relevant developers as well.
> No, this hasn't already been assigned a CVE.  The upstream CEDET 1.0 is
> largely the same codebase as the CEDET distributed in Emacs.  The
> version in Emacs omits some CEDET components, and added some plumbing to
> integrate CEDET into the Emacs build system.  But the main part of the
> Emacs Lisp code, including the part affected by this flaw, is the same.
> David, could you write up a version of the fix that applies to the CEDET
> 1.0 tarball?  I think distributors who package CEDET will want it.

A patch for cedet-1.0 was posted here:

In the meantime, Eric published a bugfix-release cedet-1.0.1, so
distributors should upgrade to that.

