Re: CVE request for emacs possibly

[cve-assign () mitre org]

On Tue, 30 Dec 2014, Kurt Seifried wrote:

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774090
>
> From: Vincent Lefevre <vincent () vinc17 net>
> To: 774090 () bugs debian org
> Subject: Re: emacs24: a left-click in Emacs sometimes modifies the
> PRIMARY selection
> Date: Mon, 29 Dec 2014 18:58:55 +0100
> Control: tags -1 security
>
> On 2014-12-28 16:29:12 +0100, Vincent Lefevre wrote:
> > Note: This bug occurs very often and is very annoying, as one needs
> > to reselect what was selected (sometimes hardly possible). Moreover
> > the wrongly pasted text is similar to the correct text[*], meaning
> > that if one doesn't pay attention, one gets a file with permanently
> > incorrect data!
>
> Grrr... That's also a security problem. Due to this bug, a paste with
> a middle click in a web browser can end up in pasting private data!
> And Javascript can provide the pasted text to the web site immediately
> (Facebook does that), before the user can notice the problem.

Use CVE-2014-9483.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]