UbuntuUpdates.org

Package "emacs-lucid"

Name: emacs-lucid

Description:

GNU Emacs editor (with Lucid GUI support)

Latest version: 1:27.1+1-3ubuntu5.2
Release: jammy (22.04)
Level: security
Repository: universe
Head package: emacs
Homepage: https://www.gnu.org/software/emacs/

Links


Download "emacs-lucid"


Other versions of "emacs-lucid" in Jammy

Repository Area Version
base universe 1:27.1+1-3ubuntu5
updates universe 1:27.1+1-3ubuntu5.2

Changelog

Version: 1:27.1+1-3ubuntu5.2 2024-09-19 18:06:59 UTC

  emacs (1:27.1+1-3ubuntu5.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Command Injection
    - debian/patches/CVE-2022-45939.patch: Fixed ctags local command
    execute vulnerability
    - debian/patches/CVE-2022-48337.patch: Fix etags local command
    injection vulnerability
    - debian/patches/CVE-2022-48338.patch: Fix ruby-mode.el local
    command injection vulnerability (bug#60268)
    - debian/patches/CVE-2022-48339.patch: Fix htmlfontify.el command
    injection vulnerability.
    - debian/patches/CVE-2023-28617.patch: * lisp/ob-latex.el: Fix
    command injection vulnerability
    - debian/patches/CVE-2024-30203-04-05-1.patch: * lisp/files.el
    (untrusted-content): New variable.
    - debian/patches/CVE-2024-30203-04-05-2.patch: * lisp/gnus/mm-
    view.el (mm-display-inline-fontify): Mark contents untrusted.
    - debian/patches/CVE-2024-30203-04-05-3.patch: org-latex-preview:
    Add protection when `untrusted-content' is non-nil
    - debian/patches/CVE-2024-30203-04-05-4.patch: org-file-contents:
    Consider all remote files unsafe
    - debian/patches/CVE-2024-39331.patch: org-link-expand-abbrev: Do
    not evaluate arbitrary unsafe Elisp code (LP: #2070418)
    - CVE-2022-45939
    - CVE-2022-48337
    - CVE-2022-48338
    - CVE-2022-48339
    - CVE-2023-28617
    - CVE-2024-30203
    - CVE-2024-30204
    - CVE-2024-30205
    - CVE-2024-39331

 -- Allen Huang <email address hidden> Thu, 12 Sep 2024 11:23:44 +0100

2070418 Security vulnerability, arbitrary shell commands can run when turning on org-mode
CVE-2022-45939 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses
CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses
CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability.
CVE-2022-48339 An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the para
CVE-2023-28617 org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or dire
CVE-2024-30203 In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVE-2024-39331 In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-comm
CVE-2024-30204 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVE-2024-30205 In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.



About   -   Send Feedback to @ubuntu_updates