Ubuntu Security Notice USN-919-1 reports:
---Dan Rosenberg discovered that the email helper in Emacs - did not correctly check file permissions. A local - attacker could perform a symlink race to read or append - to another user's mailbox if it was stored under a - group-writable group-"mail" directory.
-
The movemail program, which provides this functionality - to Emacs, can also be installed on FreeBSD via the movemail - port. This port is therefore, in addition to Emacs, also - vulnerable to this attack.
- -