CVE-2008-2142

Name	CVE-2008-2142
Description	Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	480877, 480885, 480886

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
xemacs21-packages (PTS)	buster	2009.02.17.dfsg.2-4	fixed
	bullseye	2009.02.17.dfsg.2-5	fixed
	bookworm	2009.02.17.dfsg.3-1	fixed
	sid, trixie	2009.02.17.dfsg.3-3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
emacs21	source	(unstable)	21.4a+1-5.5	low	480877
emacs22	source	(unstable)	22.2+2-3	low	480885
xemacs21-packages	source	(unstable)	2009.02.17-1	low	480886

Notes

[etch] - xemacs21-packages <no-dsa> (Minor issue)
[lenny] - xemacs21-packages <no-dsa> (Minor issue)
[etch] - xemacs21 <no-dsa> (Minor issue)
[lenny] - xemacs21 <no-dsa> (Minor issue)
[etch] - emacs21 <no-dsa> (Minor issue)