Ubuntu Security Notice USN-541-1 November 13, 2007==========20================================================= emacs22 vulnerability CVE-2007-5795 ========================================================== A security issue affects the following Ubuntu releases:
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 7.10: emacs22 22.1-0ubuntu5.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.