Date: Tue, 12 Sep 2017 13:25:17 +0000 (UTC) From: Ashish SHUKLA <ashish@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r449686 - head/security/vuxml Message-ID: <201709121325.v8CDPHO4032362@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ashish Date: Tue Sep 12 13:25:16 2017 New Revision: 449686 URL: https://svnweb.freebsd.org/changeset/ports/449686 Log: - Document emacs vulnerability Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Sep 12 13:01:22 2017 (r449685) +++ head/security/vuxml/vuln.xml Tue Sep 12 13:25:16 2017 (r449686) @@ -141723,6 +141723,36 @@ misc.c: <entry>2005-09-29</entry> </dates> </vuln> + + <vuln vid="47e2e52c-975c-11e7-942d-5404a68a61a2"> + <topic>emacs -- enriched text remote code execution vulnerability</topic> + <affects> + <package> + <name>emacs</name> + <range><lt>25.3,3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Paul Eggert reports:</p> + <blockquote cite="http://seclists.org/oss-sec/2017/q3/422">; + <p>Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs.</p> + <p>When Emacs renders MIME text/enriched data (Internet RFC 1896), it + is vulnerable to arbitrary code execution. Since Emacs-based mail + clients decode "Content-Type: text/enriched", this code is exploitable + remotely. This bug affects GNU Emacs versions 19.29 through 25.2.</p> + </blockquote> + </body> + </description> + <references> + <url>http://seclists.org/oss-sec/2017/q3/422</url>; + <url>https://bugs.gnu.org/28350</url>; + </references> + <dates> + <discovery>2017-09-04</discovery> + <entry>2017-09-12</entry> + </dates> + </vuln> </vuxml><!-- EOF --> <!-- Note: Please add new entries to the beginning of this file. --> <!-- ex: set ts=8 tw=80 sw=2: -->
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709121325.v8CDPHO4032362>