CVE-2017-1000383

Source
Severity Medium
Remote No
Type Information disclosure
Description
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. An attacker might search for emacs backup save files in order to retrieve security sensible data.
Group Package Affected Fixed Severity Status Ticket
AVG-637 emacs-nox 25.3-1 Medium Vulnerable
AVG-636 emacs 25.3-3 Medium Vulnerable
References
http://www.openwall.com/lists/oss-security/2017/10/31/1