Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 May 2014 09:48:44 +0100
From: Steve Kemp <>
Subject: CVE Request - Predictable temporary filenames in GNU Emacs

  I reported these bugs on the Debian tracker on Monday:

  In brief some of the bundled Emacs Lisp uses predictable
 /tmpfile names insecurely:

   In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is
  used, blindly allowing the existing file to be truncated, and symlinks

   In the function `trace-call-tree` there are some horrific invocations
  of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc".

   The function `tramp-uudecode`, a fallback if a real uudecoding binary
  is not present, blindly uses "/tmp/tramp.$PID", truncating and removing
  the file.

   All these have been fixed now, and the GNU bug report contains
 links to the commits that are appropriate:


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ