CVE-2008-3949

Name of the Vulnerable Software and Affected Versions Emacs versions 22.1 through 22.2

Description The issue allows local users to execute arbitrary code via a Trojan horse Python file. This occurs because emacs/lisp/progmodes/python.el in affected Emacs versions imports Python scripts from the current working directory during the editing of a Python file.

Recommendations For Emacs versions 22.1 and 22.2, consider disabling the python.el module until a patch is available to prevent the execution of arbitrary code.