Updated semi packages that fix vulnerabilities in flim temporary file handling are now available.
The semi package includes a MIME library for GNU Emacs and XEmacs used by the wl mail package. Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library for working with Internet messages included in the semi package. Temporary files were being created without taking adequate precautions, and therefore a local user could potentially overwrite files with the privileges of the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0422 to this issue. Users of semi are advised to upgrade to these packages, which contain a backported patch fixing this issue.