| Package: | emacs |
| Date: | 2008-04-14 |
| Vulnerable version: | 22.1-2 |
| Unaffected version: | 22.1-3kalgan1 |
| Bug tracker entry: | http://bugs.frugalware.org/task/3006 |
| CVEs: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694 |
| Description: | Steve Grubb discovered that vcdiff script as shipped with Emacs uses temporary files insecurely, which makes it possible for local attacker to conduct a symlink attack and make the victim overwrite arbitrary file. |
