Source: emacs
Version: 1:28.2+1-11
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi

No CVEs are yet assigned for the following two issues:

| emacsclient-mail.desktop is vulnerable to shell command
| injections and Emacs Lisp injections through a crafted
| mailto: URI.

See: https://www.openwall.com/lists/oss-security/2023/03/08/2

Fixes:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467
http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc

Those do not affect older versions in bullseye. Making it RC for
bookworm and have a fix included before bookworm release.

Regards,
Salvatore
