Control: retitle -1 emacs: CVE-2023-27985 CVE-2023-27986 On Wed, Mar 08, 2023 at 08:57:52PM +0100, Salvatore Bonaccorso wrote: > Source: emacs > Version: 1:28.2+1-11 > Severity: grave > Tags: security upstream > X-Debbugs-Cc: [email protected], Debian Security Team > <[email protected]> > > Hi > > No CVEs are yet assigned for the the following two issues: > > | emacsclient-mail.desktop is vulnerable to shell command > | injections and Emacs Lisp injections through a crafted > | mailto: URI. > > See: https://www.openwall.com/lists/oss-security/2023/03/08/2
CVEs were assigned for those two. > > Fixes: > > http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467 CVE-2023-27985 > http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc CVE-2023-27986 Regards, Salvatore
