CVE-2008-1694

NameCVE-2008-1694
Descriptionvcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs476611, 476612, 476613

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xemacs21 (PTS)stretch21.4.24-4fixed
buster21.4.24-8fixed
sid, bullseye21.4.24-9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
emacs21source(unstable)21.4a+1-5.6low476612
emacs22source(unstable)22.2+2-2low476611
xemacs21source(unstable)21.4.21-4low476613

Notes

[etch] - emacs21 <no-dsa> (Minor issue)
[etch] - xemacs21 <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems