FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

emacs -- Arbitrary shell code evaluation vulnerability

Affected packages
emacs < 29.3_3,3
emacs-canna < 29.3_3,3
emacs-nox < 29.3_3,3
emacs-wayland < 29.3_3,3
emacs-devel < 30.0.50.20240615_1,3
emacs-devel-nox < 30.0.50.20240615_1,3

Details

VuXML ID 4f6c4c07-3179-11ef-9da5-1c697a616631
Discovery 2024-06-22
Entry 2024-06-23

GNU Emacs developers report:

Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.

References

URL https://seclists.org/oss-sec/2024/q2/296