| Name | CVE-2017-1000383 |
| Description | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
This CVE assignment is nonsense, GNU emacs reuses the umask of the original
file when creating a backup file. That's hardly incorrect behaviour
Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182