Bug#747100: emacs23: Insecure use of temporary files in included lisp libraries/packages

[Steve Kemp]

Package: emacs23
Version: 23.4+1-4
Severity: important

There are several tempfile-vulnerabilities present in the Emacs Lisp
bundled and distributed with the emacs23 package.

Here are four brief pointers to unsafe code:

lisp/gnus/gnus-fun.el:
  In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is
 used, blindly allowing the existing file to be truncated, and symlinks
 followed.

lisp/emacs-lisp/find-gc.el:
  In the function `trace-call-tree` there are some horrific invocations
 of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc".

lisp/net/browse-url.el
  In the function `browse-url-mosaic` the file "/tmp/Mosaic.$PID" is blindly
 overwritten.  Suspect this whole function is obsolete though :)

lisp/net/tramp.el
  The function `tramp-uudecode`, a fallback if a real uudecoding binary
 is not present, blindly uses "/tmp/tramp.$PID", truncating and removing
 the file.


I suspect that each should receive a CVE identifier.


-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash

Versions of packages emacs23 depends on:
ii  emacs23-bin-common  23.4+1-4
ii  gconf-service       3.2.5-1+build1
ii  libasound2          1.0.25-4
ii  libatk1.0-0         2.4.0-2
ii  libc6               2.13-38+deb7u1
ii  libcairo2           1.12.2-3
ii  libdbus-1-3         1.6.8-1+deb7u1
ii  libfontconfig1      2.9.0-7.1
ii  libfreetype6        2.4.9-1.1
ii  libgconf-2-4        3.2.5-1+build1
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libgif4             4.1.6-10
ii  libglib2.0-0        2.33.12+really2.32.4-5
ii  libgpm2             1.20.4-6
ii  libgtk2.0-0         2.24.10-2
ii  libice6             2:1.0.8-2
ii  libjpeg8            8d-1
ii  libm17n-0           1.6.3-2
ii  libncurses5         5.9-10
ii  libotf0             0.9.12-2
ii  libpango1.0-0       1.30.0-1
ii  libpng12-0          1.2.49-1
ii  librsvg2-2          2.36.1-2
ii  libsm6              2:1.2.1-2
ii  libtiff4            3.9.6-11
ii  libtinfo5           5.9-10
ii  libx11-6            2:1.5.0-1+deb7u1
ii  libxft2             2.3.1-1
ii  libxpm4             1:3.5.10-1
ii  libxrender1         1:0.9.7-1+deb7u1
ii  zlib1g              1:1.2.7.dfsg-13

emacs23 recommends no packages.

Versions of packages emacs23 suggests:
pn  emacs23-common-non-dfsg  <none>

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org