CVE-2017-1000383

NameCVE-2017-1000383
DescriptionGNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)

Notes

This CVE assignment is nonsense, GNU emacs reuses the umask of the original
file when creating a backup file. That's hardly incorrect behaviour
Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182

Search for package or bug name: Reporting problems