FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362499
Date:      2014-07-21
Time:      21:36:54Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3e3c860d-7dae-11d9-a9e7-0001020eed82emacs -- movemail format string vulnerability

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. They can be exploited when connecting to a malicious POP server and can allow an attacker can execute arbitrary code under the privileges of the user running Emacs.


Discovery 2005-01-31
Entry 2005-02-14
movemail
le 1.0

zh-emacs
emacs
lt 20.7_4

gt 21.* lt 21.3_4

xemacs
xemacs-mule
zh-xemacs
zh-xemacs-mule
lt 21.4.17

xemacs-devel
lt 21.5.b19,1

xemacs-devel-21.5
eq b11

xemacs-devel-mule
lt 21.5.b19

mule-common
hanemacs
gt 0

CVE-2005-0100
12462
3e3c860d-7dae-11d9-a9e7-0001020eed82emacs -- movemail format string vulnerability

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. They can be exploited when connecting to a malicious POP server and can allow an attacker can execute arbitrary code under the privileges of the user running Emacs.


Discovery 2005-01-31
Entry 2005-02-14
movemail
le 1.0

zh-emacs
emacs
lt 20.7_4

gt 21.* lt 21.3_4

xemacs
xemacs-mule
zh-xemacs
zh-xemacs-mule
lt 21.4.17

xemacs-devel
lt 21.5.b19,1

xemacs-devel-21.5
eq b11

xemacs-devel-mule
lt 21.5.b19

mule-common
hanemacs
gt 0

CVE-2005-0100
12462
c1e5f35e-f93d-11e1-b07f-00235a5f2c9aemacs -- remote code execution vulnerability

Chong Yidong reports:

Paul Ling has found a security flaw in the file-local variables code in GNU Emacs.

When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user.

The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.


Discovery 2012-08-13
Entry 2012-09-08
Modified 2013-05-13
emacs
gt 24.* lt 24.2

gt 23.* le 23.4_2

54969
CVE-2012-3479
https://lists.gnu.org/archive/html/emacs-devel/2012-08/msg00802.html
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
c1e5f35e-f93d-11e1-b07f-00235a5f2c9aemacs -- remote code execution vulnerability

Chong Yidong reports:

Paul Ling has found a security flaw in the file-local variables code in GNU Emacs.

When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user.

The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.


Discovery 2012-08-13
Entry 2012-09-08
Modified 2013-05-13
emacs
gt 24.* lt 24.2

gt 23.* le 23.4_2

54969
CVE-2012-3479
https://lists.gnu.org/archive/html/emacs-devel/2012-08/msg00802.html
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155