A vulnerability in EDE could result in privilege escalation.
|Package||app-xemacs/ede on all architectures|
|Affected versions||< 1.07|
|Unaffected versions||>= 1.07|
A package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs.
An untrusted search path vulnerability was discovered in EDE.
A local attacker could escalate his privileges via a specially crafted Lisp expression in a Project.ede file in the directory or a parent directory of an opened file.
There is no known workaround at this time.
All EDE users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-xemacs/ede-1.07"
December 06, 2018
December 06, 2018: 1