Ubuntu Security Notice 919-1 – Dan Rosenberg discovered that the email helper in Emacs did not correctly check file permissions. A local attacker could perform a symlink race to read or append to another user’s mailbox if it was stored under a group-writable group-“mail” directory.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87773/USN-919-1.txt
Source: https://packetstormsecurity.com/files/87773/Ubuntu-Security-Notice-919-1.html