emacs-27.2-6.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10735-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z emacs-27.2-6.2 on GA media These are all security issues fixed in the emacs-27.2-6.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10735 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2007-5795/ SUSE CVE CVE-2007-5795 page https://www.suse.com/security/cve/CVE-2017-7476/ SUSE CVE CVE-2017-7476 page openSUSE Tumbleweed emacs-27.2-6.2 emacs-el-27.2-6.2 emacs-info-27.2-6.2 emacs-nox-27.2-6.2 emacs-x11-27.2-6.2 etags-27.2-6.2 emacs-27.2-6.2 as a component of openSUSE Tumbleweed emacs-el-27.2-6.2 as a component of openSUSE Tumbleweed emacs-info-27.2-6.2 as a component of openSUSE Tumbleweed emacs-nox-27.2-6.2 as a component of openSUSE Tumbleweed emacs-x11-27.2-6.2 as a component of openSUSE Tumbleweed etags-27.2-6.2 as a component of openSUSE Tumbleweed The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. CVE-2007-5795 openSUSE Tumbleweed:emacs-27.2-6.2 openSUSE Tumbleweed:emacs-el-27.2-6.2 openSUSE Tumbleweed:emacs-info-27.2-6.2 openSUSE Tumbleweed:emacs-nox-27.2-6.2 openSUSE Tumbleweed:emacs-x11-27.2-6.2 openSUSE Tumbleweed:etags-27.2-6.2 moderate 6.3 AV:L/AC:M/Au:N/C:N/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-5795.html CVE-2007-5795 https://bugzilla.suse.com/339033 SUSE Bug 339033 Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. CVE-2017-7476 openSUSE Tumbleweed:emacs-27.2-6.2 openSUSE Tumbleweed:emacs-el-27.2-6.2 openSUSE Tumbleweed:emacs-info-27.2-6.2 openSUSE Tumbleweed:emacs-nox-27.2-6.2 openSUSE Tumbleweed:emacs-x11-27.2-6.2 openSUSE Tumbleweed:etags-27.2-6.2 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7476.html CVE-2017-7476 https://bugzilla.suse.com/1036636 SUSE Bug 1036636 https://bugzilla.suse.com/1037124 SUSE Bug 1037124 https://bugzilla.suse.com/1037125 SUSE Bug 1037125 https://bugzilla.suse.com/1037142 SUSE Bug 1037142