Mandriva Linux Security Advisory 2010-083 - lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.
cd6c32014e9614e16b6f7c4de36feb10809fa7b82d925ee152775e497ece6a8b
Ubuntu Security Notice 919-1 - Dan Rosenberg discovered that the email helper in Emacs did not correctly check file permissions. A local attacker could perform a symlink race to read or append to another user's mailbox if it was stored under a group-writable group-"mail" directory.
c16d9a06cf865b85e75b47ee6aaea763de817d1884db165e3a02730f2585896c