emacs
Page content
- Author: voroskoi
- Vulnerable: 22.1-1
- Unaffected: 22.1-2sayshell1
Drake Wilson has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error in the “hack-local-variables” function where local variables within a file are processed in an insecure manner. This can be exploited to e.g. modify a user’s user-init-file and execute arbitrary Emacs Lisp code when a specially crafted file is opened. Successful exploitation requires that “enable-local-variables” is set to “:safe”.
- Bug Tracker URL: http://bugs.frugalware.org/task/2566