svn commit: r449686 - head/security/vuxml

Ashish SHUKLA ashish at FreeBSD.org
Tue Sep 12 13:25:18 UTC 2017


Author: ashish
Date: Tue Sep 12 13:25:16 2017
New Revision: 449686
URL: https://svnweb.freebsd.org/changeset/ports/449686

Log:
  - Document emacs vulnerability

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Sep 12 13:01:22 2017	(r449685)
+++ head/security/vuxml/vuln.xml	Tue Sep 12 13:25:16 2017	(r449686)
@@ -141723,6 +141723,36 @@ misc.c:
       <entry>2005-09-29</entry>
     </dates>
   </vuln>
+
+  <vuln vid="47e2e52c-975c-11e7-942d-5404a68a61a2">
+    <topic>emacs -- enriched text remote code execution vulnerability</topic>
+    <affects>
+      <package>
+	<name>emacs</name>
+	<range><lt>25.3,3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Paul Eggert reports:</p>
+	<blockquote cite="http://seclists.org/oss-sec/2017/q3/422">
+	  <p>Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs.</p>
+	  <p>When Emacs renders MIME text/enriched data (Internet RFC 1896), it
+	  is vulnerable to arbitrary code execution. Since Emacs-based mail
+	  clients decode "Content-Type: text/enriched", this code is exploitable
+	  remotely. This bug affects GNU Emacs versions 19.29 through 25.2.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://seclists.org/oss-sec/2017/q3/422</url>
+      <url>https://bugs.gnu.org/28350</url>
+    </references>
+    <dates>
+      <discovery>2017-09-04</discovery>
+      <entry>2017-09-12</entry>
+    </dates>
+  </vuln>
 </vuxml><!-- EOF -->
 <!-- Note:  Please add new entries to the beginning of this file. -->
 <!-- ex: set ts=8 tw=80 sw=2: -->
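Review bot: The new `<vuln>` entry is placed directly before `</vuxml>` at the end of the file, although the trailing comment in this same hunk says `Please add new entries to the beginning of this file`; it should be moved to the top so the file stays in the order that comment asks for. The `<references>` block has only the two `<url>` elements, so once a CVE identifier is assigned, add `<cvename>CVE-YYYY-NNNNN</cvename>` (placeholder) to let users correlate this entry with advisory and scanner output. The `<affects>` block matches only `<name>emacs</name>`, so if the ports tree also builds Emacs under other package names, those installs would presumably not be flagged by this entry; that is worth confirming before relying on it for a remotely triggerable code-execution bug.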

