The semi package includes a MIME library for GNU Emacs and XEmacs used by
the wl mail package.
Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library
for working with Internet messages included in the semi package. Temporary
files were being created without taking adequate precautions, and therefore
a local user could potentially overwrite files with the privileges of the
user running emacs. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0422 to this issue.
Users of semi are advised to upgrade to these packages, which contain
a backported patch fixing this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | noarch | semi-xemacs | < 1.14.3-8.72.EL.1 | semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm |
RedHat | any | noarch | semi | < 1.14.3-8.72.EL.1 | semi-1.14.3-8.72.EL.1.noarch.rpm |