[emacs] [CVE-2007-6109] buffer overflow

Can you point me to a place where I can find the patch for this vulnerability? I downloaded emacs-22.1-40.7.src.rpm from OpenSuSE, but couldn't find the patch that fixes this. Also, how certain is it that this effects emacs22? I noticed a couple of emacs security downloads from Novell dated at Nov. 28-29, but they were all for emacs-21.

Sorry, I'm just cross-checking security advisories / announcements from various major GNU/Linux distributions and some other sources in my scarcely available free time and report possibly affected Ubuntu packages in Launchpad, hoping that the report gets into the right hands.

For now, a quick googling for "CVE-2007-6109 emacs" nets no helpful results that could be more specific regarding this vulnerability.

Thanks for the report, hk47, and thanks for the link, Reinhard. I'll prepare a fixed version later today.

emacs22 (22.1-0ubuntu8) hardy; urgency=low

  * Security fix: patches/CVE-2007-6109.diff. Patch from upstream Romain
    Francoise! (LP: #174177)

 -- Reinhard Tartler <email address hidden> Fri, 14 Dec 2007 15:47:26 +0100

It looks like there was a regression introduced by the initial Debian patch. See <http://bugs.debian.org/456235> for the fix.

Have there been any updates for the stable releases?

This bug was fixed in the package emacs22 - 22.1-0ubuntu5.2

---------------
emacs22 (22.1-0ubuntu5.2) gutsy-security; urgency=low

  * SECURITY UPDATE: buffer overflow in format function
  * debian/patches/fix-format-overflow.diff: fix src/editfns.c to account
    for precision in integer formatting (LP: #174177)
  * SECURITY UPDATE: temporary file race condition in vcdiff
  * debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use
    mktemp
  * References
    CVE-2007-6109
    CVE-2008-1694

 -- Jamie Strandboge <email address hidden> Thu, 01 May 2008 10:58:07 -0400

This bug was fixed in the package emacs21 - 21.4a+1-5ubuntu4.1

---------------
emacs21 (21.4a+1-5ubuntu4.1) gutsy-security; urgency=low

  * SECURITY UPDATE: buffer overflow in format function
  * debian/patches/fix-format-overflow.diff: fix src/editfns.c to account
    for precision in integer formatting (LP: #174177)
  * SECURITY UPDATE: temporary file race condition in vcdiff
  * debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use
    mktemp
  * References
    CVE-2007-6109
    CVE-2008-1694

 -- Jamie Strandboge <email address hidden> Thu, 01 May 2008 11:12:04 -0400

This bug was fixed in the package emacs21 - 21.4a+1-2ubuntu1.2

---------------
emacs21 (21.4a+1-2ubuntu1.2) feisty-security; urgency=low

  * SECURITY UPDATE: buffer overflow in format function
  * debian/patches/fix-format-overflow.diff: fix src/editfns.c to account
    for precision in integer formatting (LP: #174177)
  * SECURITY UPDATE: temporary file race condition in vcdiff
  * debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use
    mktemp
  * References
    CVE-2007-6109
    CVE-2008-1694

 -- Jamie Strandboge <email address hidden> Thu, 01 May 2008 17:10:27 -0400

http://www.ubuntu.com/usn/usn-607-1

Intrepid is still vulnerable to CVE-2008-1694.

This bug was fixed in the package emacs22 - 22.2-0ubuntu2

---------------
emacs22 (22.2-0ubuntu2) intrepid; urgency=low

  * SECURITY UPDATE: temporary file race condition in vcdiff (LP: #174177)
  * debian/patches/fix-vcdiff-tmp-race.diff: update lib-src/vcdiff to use
    mktemp
  * References
    CVE-2008-1694

 -- Jamie Strandboge <email address hidden> Thu, 04 Sep 2008 09:27:58 -0500