emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | emacs | < 28.2-r5 | UNKNOWN |
Alpine | 3.17-community | noarch | emacs | < 28.2-r2 | UNKNOWN |
Alpine | 3.18-community | noarch | emacs | < 28.2-r5 | UNKNOWN |
Alpine | 3.19-community | noarch | emacs | < 28.2-r5 | UNKNOWN |