Joined: 12 May 2004
|Posted: Thu Dec 06, 2018 10:26 pm Post subject: [ glsa 201812-05 ] ede
|Gentoo Linux Security Advisory
Title: EDE: Privilege escalation (GLSA 201812-05)
A vulnerability in EDE could result in privilege escalation.
A package that simplifies the task of creating, building, and debugging
large programs with Emacs. It provides some of the features of an IDE, or
Integrated Development Environment, in Emacs.
Vulnerable: < 1.07
Unaffected: >= 1.07
Architectures: All supported architectures
An untrusted search path vulnerability was discovered in EDE.
A local attacker could escalate his privileges via a specially crafted
Lisp expression in a Project.ede file in the directory or a parent
directory of an opened file.
There is no known workaround at this time.
All EDE users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-xemacs/ede-1.07"