Lucene search
HistoryJun 23, 2024 - 10:15 p.m.
CVE-2024-39331
emacs
org-link-expand-abbrev
bug
unsafe function
expansion
org mode
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(…) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
References
git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
list.orgmode.org/87sex5gdqc.fsf%40localhost/
lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html
news.ycombinator.com/item?id=40768225
www.openwall.com/lists/oss-security/2024/06/23/1
www.openwall.com/lists/oss-security/2024/06/23/2
Related
nessus
nessus
Debian dsa-5719 : emacs - security update
2024-06-25 00:00:00
Debian dsa-5718 : elpa-org - security update
2024-06-25 00:00:00
osv
osv
emacs - security update
2024-06-25 00:00:00
org-mode - security update
2024-06-25 00:00:00
cvelist
cvelist
CVE-2024-39331
2024-06-23 00:00:00
nvd
nvd
CVE-2024-39331
2024-06-23 22:15:09
ubuntucve
ubuntucve
CVE-2024-39331
2024-06-25 00:00:00
debiancve
debiancve
CVE-2024-39331
2024-06-23 22:15:09
redhatcve
redhatcve
CVE-2024-39331
2024-06-24 13:53:33