CVE-2014-9483: Infoleak
First published: Sun Dec 28 2014(Updated: )
It was reported that a left-click in Emacs sometimes modifies the PRIMARY selection. Due to this bug, a paste with a middle click in a web browser can end up in pasting private data. This flaw affects Emacs version 24.4 only. Original report (also contains a reproducer): <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774090">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774090</a> CVE request and assignment: <a href="http://www.openwall.com/lists/oss-security/2015/01/03/15">http://www.openwall.com/lists/oss-security/2015/01/03/15</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/emacs24 | <=24.4+1-5<=24.4+1-4.1 | |
| GNU Emacs | =24.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774090
- http://www.openwall.com/lists/oss-security/2015/01/03/15
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1181600
- https://bugzilla.redhat.com/show_bug.cgi?id=1181599
- http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939
- https://www.vinc17.net/
- https://www.vinc17.net/blog/
- http://debbugs.gnu.org/cgi/bugreport.cgi?bug=6872#8
- http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939#48
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99688
- collector/redhat-bugzilla
- alias/CVE-2014-9483
- collector/debian-bugs
- collector/nvd-index
- package-manager/debian
- vendor/gnu
- canonical/gnu emacs
- version/gnu emacs/24.4