Package "emacs"
| Name: |
emacs
|
Description: |
GNU Emacs editor (metapackage)
|
| Latest version: |
1:27.1+1-3ubuntu5.2 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
universe |
| Homepage: |
https://www.gnu.org/software/emacs/ |
Links
Download "emacs"
Other versions of "emacs" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
|
emacs (1:27.1+1-3ubuntu5.2) jammy-security; urgency=medium
* SECURITY UPDATE: Command Injection
- debian/patches/CVE-2022-45939.patch: Fixed ctags local command
execute vulnerability
- debian/patches/CVE-2022-48337.patch: Fix etags local command
injection vulnerability
- debian/patches/CVE-2022-48338.patch: Fix ruby-mode.el local
command injection vulnerability (bug#60268)
- debian/patches/CVE-2022-48339.patch: Fix htmlfontify.el command
injection vulnerability.
- debian/patches/CVE-2023-28617.patch: * lisp/ob-latex.el: Fix
command injection vulnerability
- debian/patches/CVE-2024-30203-04-05-1.patch: * lisp/files.el
(untrusted-content): New variable.
- debian/patches/CVE-2024-30203-04-05-2.patch: * lisp/gnus/mm-
view.el (mm-display-inline-fontify): Mark contents untrusted.
- debian/patches/CVE-2024-30203-04-05-3.patch: org-latex-preview:
Add protection when `untrusted-content' is non-nil
- debian/patches/CVE-2024-30203-04-05-4.patch: org-file-contents:
Consider all remote files unsafe
- debian/patches/CVE-2024-39331.patch: org-link-expand-abbrev: Do
not evaluate arbitrary unsafe Elisp code (LP: #2070418)
- CVE-2022-45939
- CVE-2022-48337
- CVE-2022-48338
- CVE-2022-48339
- CVE-2023-28617
- CVE-2024-30203
- CVE-2024-30204
- CVE-2024-30205
- CVE-2024-39331
-- Allen Huang <email address hidden> Thu, 12 Sep 2024 11:23:44 +0100
|
| 2070418 |
Security vulnerability, arbitrary shell commands can run when turning on org-mode |
| CVE-2022-45939 |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses |
| CVE-2022-48337 |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses |
| CVE-2022-48338 |
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. |
| CVE-2022-48339 |
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the para |
| CVE-2023-28617 |
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or dire |
| CVE-2024-30203 |
In Emacs before 29.3, Gnus treats inline MIME contents as trusted. |
| CVE-2024-39331 |
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-comm |
| CVE-2024-30204 |
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. |
| CVE-2024-30205 |
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. |
|
About
-
Send Feedback to @ubuntu_updates
