emacs -- Arbitrary shell code evaluation vulnerability

2024-06-2200:00:00

vuxml.freebsd.org

emacs

security

vulnerability

bugfix

org mode

malicious code

shell commands

unix

7.5 High

AI Score

Confidence

Low

JSON

GNU Emacs developers report:

Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchemacs< 29.3_3,3UNKNOWN
FreeBSDanynoarchemacs-canna< 29.3_3,3UNKNOWN
FreeBSDanynoarchemacs-nox< 29.3_3,3UNKNOWN
FreeBSDanynoarchemacs-wayland< 29.3_3,3UNKNOWN
FreeBSDanynoarchemacs-devel< 30.0.50.20240615_1,3UNKNOWN
FreeBSDanynoarchemacs-devel-nox< 30.0.50.20240615_1,3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	emacs	< 29.3_3,3	UNKNOWN
FreeBSD	any	noarch	emacs-canna	< 29.3_3,3	UNKNOWN
FreeBSD	any	noarch	emacs-nox	< 29.3_3,3	UNKNOWN
FreeBSD	any	noarch	emacs-wayland	< 29.3_3,3	UNKNOWN
FreeBSD	any	noarch	emacs-devel	< 30.0.50.20240615_1,3	UNKNOWN
FreeBSD	any	noarch	emacs-devel-nox	< 30.0.50.20240615_1,3	UNKNOWN

References

seclists.org/oss-sec/2024/q2/296

7.5 High

AI Score

Confidence

Low

JSON