Mandriva Linux Security Advisory - The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ':safe', did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. A stack-based buffer overflow in emacs could allow user-assisted attackers to cause an application crash or possibly have other unspecified impacts via a large precision value in an integer format string specifier to the format function.
0670aeaaf7ed63da4f33319de996785a6600f55f72e929a16394494a14c7055d
Gentoo Linux Security Advisory GLSA 200712-03 - Drake Wilson reported that the hack-local-variables() function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override them (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based buffer overflow in the format function when handling values with high precision (CVE-2007-6109). Versions less than 22.1-r3 are affected.
edd9e083b7d0b8553e48ce34609b874d047a20ca14aabaa98c9459486244286f
Ubuntu Security Notice 541-1 - Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.
a27abc831119f3d1e5386ebe434c4a48c4e70b30efd0b059d269d68288fa5e63