Re: [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution
On Tue, Feb 08, 2005 at 04:58:36PM +0100, Frank K?ster wrote: > I find the text of this advisory really confusing - the subject and > Package line talk about xemacs21, the description about "Emacs, the > well-known editor" and "your emacs packages". If it isn't sufficiently > confusing to make xemacs users believe that only GNU Emacs is affected, > at least it makes GNU Emacs (emacs21) users wonder whether their editor > is affected, too. Both Emacs, and XEmacs are affected. Perhaps the wording was a little unfortunate though. Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution
[EMAIL PROTECTED] (Martin Schulze) schrieb: > Package: xemacs21 [...] > Max Vozeler discovered several format string vulnerabilities in the > movemail utility of Emacs, the well-known editor. Via connecting to a > malicious POP server an attacker can execute arbitrary code under the > privileges of group mail. > > For the stable distribution (woody) these problems have been fixed in > version 21.4.6-8woody2. > > For the unstable distribution (sid) these problems have been fixed in > version 21.4.16-2. > > We recommend that you upgrade your emacs packages. I find the text of this advisory really confusing - the subject and Package line talk about xemacs21, the description about "Emacs, the well-known editor" and "your emacs packages". If it isn't sufficiently confusing to make xemacs users believe that only GNU Emacs is affected, at least it makes GNU Emacs (emacs21) users wonder whether their editor is affected, too. Regards, Frank -- Frank Küster Inst. f. Biochemie der Univ. Zürich Debian Developer