tags 476611 fixed-upstream quit Moritz Muehlenhoff <[EMAIL PROTECTED]> writes:
> Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs > (confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely, > which makes it possible for local attacker to conduct a symlink attack and > make the victim overwrite arbitrary file. Thanks for the report; patch merged upstream in the Emacs 22 release branch and the trunk. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
