Ubuntu Security Notice 607-1 - It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
b1a143cfe46623a250bf87dac1a2b5dd06fcd07b59c77dfbdc86e49fe5a2b5bc
Mandriva Linux Security Advisory - The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ':safe', did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. A stack-based buffer overflow in emacs could allow user-assisted attackers to cause an application crash or possibly have other unspecified impacts via a large precision value in an integer format string specifier to the format function.
0670aeaaf7ed63da4f33319de996785a6600f55f72e929a16394494a14c7055d
Gentoo Linux Security Advisory GLSA 200712-03 - Drake Wilson reported that the hack-local-variables() function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override them (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based buffer overflow in the format function when handling values with high precision (CVE-2007-6109). Versions less than 22.1-r3 are affected.
edd9e083b7d0b8553e48ce34609b874d047a20ca14aabaa98c9459486244286f