A vulnerability in EDE could result in privilege escalation.
Package | app-xemacs/ede on all architectures |
---|---|
Affected versions | < 1.07 |
Unaffected versions | >= 1.07 |
A package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs.
An untrusted search path vulnerability was discovered in EDE.
A local attacker could escalate his privileges via a specially crafted Lisp expression in a Project.ede file in the directory or a parent directory of an opened file.
There is no known workaround at this time.
All EDE users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-xemacs/ede-1.07"
Release date
December 06, 2018
Latest revision
December 06, 2018: 1
Severity
normal
Exploitable
local
Bugzilla entries