This bug was fixed in the package emacs - 1:27.1+1-3ubuntu5.2

---------------
emacs (1:27.1+1-3ubuntu5.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Command Injection
    - debian/patches/CVE-2022-45939.patch: Fixed ctags local command
    execute vulnerability
    - debian/patches/CVE-2022-48337.patch: Fix etags local command
    injection vulnerability
    - debian/patches/CVE-2022-48338.patch: Fix ruby-mode.el local
    command injection vulnerability (bug#60268)
    - debian/patches/CVE-2022-48339.patch: Fix htmlfontify.el command
    injection vulnerability.
    - debian/patches/CVE-2023-28617.patch: * lisp/ob-latex.el: Fix
    command injection vulnerability
    - debian/patches/CVE-2024-30203-04-05-1.patch: * lisp/files.el
    (untrusted-content): New variable.
    - debian/patches/CVE-2024-30203-04-05-2.patch: *
    lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents
    untrusted.
    - debian/patches/CVE-2024-30203-04-05-3.patch: org-latex-preview:
    Add protection when `untrusted-content' is non-nil
    - debian/patches/CVE-2024-30203-04-05-4.patch: org-file-contents:
    Consider all remote files unsafe
    - debian/patches/CVE-2024-39331.patch: org-link-expand-abbrev: Do
    not evaluate arbitrary unsafe Elisp code (LP: #2070418)
    - CVE-2022-45939
    - CVE-2022-48337
    - CVE-2022-48338
    - CVE-2022-48339
    - CVE-2023-28617
    - CVE-2024-30203
    - CVE-2024-30204
    - CVE-2024-30205
    - CVE-2024-39331

 -- Allen Huang <[email protected]>  Thu, 12 Sep 2024 11:23:44 +0100

** Changed in: emacs (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-45939

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48337

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48338

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48339

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28617

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-30203

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-30204

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-30205

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-39331

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2070418

Title:
  Security vulnerability, arbitrary shell commands can run when turning
  on org-mode


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
