
CVE-2005-0100 – Ubuntu Security Notice 76-1
https://notcve.org/view.php?id=CVE-2005-0100
07 Feb 2005 — Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. Max Vozeler discovered a format string vulnerability in the movemail utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the mail group. • http://marc.info/?l=bugtraq&m=110780416112719&w=2 •

CVE-2001-1301
https://notcve.org/view.php?id=CVE-2001-1301
07 Aug 2001 — rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. • http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html •