Updated semi packages that fix vulnerabilities in semi's temporary file handling are now available for Red Hat Linux 7.1, 7.2, and 7.3.
semi is a MIME library for GNU Emacs and XEmacs used by the wl mail package. A vulnerability in semi version 1.14.3 and earlier allows an attacker to overwrite arbitrary files with potentially arbitrary contents using the privileges of the user running Emacs and semi. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0440 to this issue. Users of semi are advised to upgrade to these packages, which contain a backported patch correcting this issue.