CVE-2017-1000383 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Information disclosure
Description	This CVE assignment is nonsense, GNU emacs reuses the umask of the original file when creating a backup file. That's hardly incorrect behaviour Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182 GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. An attacker might search for emacs backup save files in order to retrieve security sensible data.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-637	emacs-nox	26.1-1		Low	Not affected
AVG-636	emacs	26.1-3		Low	Not affected

References
http://www.openwall.com/lists/oss-security/2017/10/31/1 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182

Notes
Reading the comments, this will most likely never get fixed upstream.