[ubuntu/jammy-updates] emacs 1:27.1+1-3ubuntu5.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Sep 19 18:28:22 UTC 2024
emacs (1:27.1+1-3ubuntu5.2) jammy-security; urgency=medium
* SECURITY UPDATE: Command Injection
- debian/patches/CVE-2022-45939.patch: Fixed ctags local command
execute vulnerability
- debian/patches/CVE-2022-48337.patch: Fix etags local command
injection vulnerability
- debian/patches/CVE-2022-48338.patch: Fix ruby-mode.el local
command injection vulnerability (bug#60268)
- debian/patches/CVE-2022-48339.patch: Fix htmlfontify.el command
injection vulnerability.
- debian/patches/CVE-2023-28617.patch: * lisp/ob-latex.el: Fix
command injection vulnerability
- debian/patches/CVE-2024-30203-04-05-1.patch: * lisp/files.el
(untrusted-content): New variable.
- debian/patches/CVE-2024-30203-04-05-2.patch: * lisp/gnus/mm-
view.el (mm-display-inline-fontify): Mark contents untrusted.
- debian/patches/CVE-2024-30203-04-05-3.patch: org-latex-preview:
Add protection when `untrusted-content' is non-nil
- debian/patches/CVE-2024-30203-04-05-4.patch: org-file-contents:
Consider all remote files unsafe
- debian/patches/CVE-2024-39331.patch: org-link-expand-abbrev: Do
not evaluate arbitrary unsafe Elisp code (LP: #2070418)
- CVE-2022-45939
- CVE-2022-48337
- CVE-2022-48338
- CVE-2022-48339
- CVE-2023-28617
- CVE-2024-30203
- CVE-2024-30204
- CVE-2024-30205
- CVE-2024-39331
Date: 2024-09-17 09:11:11.308723+00:00
Changed-By: Allen Huang <allen.huang at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/emacs/1:27.1+1-3ubuntu5.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list