CVE-2017-1000383 - log back

CVE-2017-1000383 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Information disclosure
Description
+ This CVE assignment is nonsense, GNU emacs reuses the umask of the original file when creating a backup file. That's hardly incorrect behaviour
+ Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
+
+ GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. An attacker might search for emacs backup save files in order to retrieve security sensible data.
References
+ http://www.openwall.com/lists/oss-security/2017/10/31/1
+ https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
Notes
+ Reading the comments, this will most likely never get fixed upstream.