FreeBSD Mail Archives

Date:      Sun, 23 Jun 2024 21:38:00 GMT
From:      Joseph Mingrone <jrm@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 3c06e8a44bbc - main - security/vuxml: Document Emacs arbitrary shell code evaluation
Message-ID:  <202406232138.45NLc0oI047031@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help

The branch main has been updated by jrm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3c06e8a44bbcbdedea5864d7e9a61596832a4375

commit 3c06e8a44bbcbdedea5864d7e9a61596832a4375
Author:     Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2024-06-23 16:09:54 +0000
Commit:     Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2024-06-23 21:35:38 +0000

    security/vuxml: Document Emacs arbitrary shell code evaluation
    
    Emacs 29.4 is an emergency bugfix release intended to fix a security
    vulnerability.  Arbitrary shell commands are no longer run when turning
    on Org mode in order to avoid running malicious code.
    
    Reviewed by:    ashish, yasu
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D45702
---
 security/vuxml/vuln/2024.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 9c61ccf2e938..35ce1022a309 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,31 @@
+  <vuln vid="4f6c4c07-3179-11ef-9da5-1c697a616631">
+    <topic>emacs -- arbitrary Shell code evaluation vulnerability</topic>
+    <affects>
+      <package>
+       <name>emacs</name>
+       <name>emacs-canna</name>
+       <name>emacs-nox</name>
+       <name>emacs-wayland</name>
+       <range><lt>29.3_3,3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>GNU Emacs developers report:</p>
+	<blockquote cite="https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html">;
+	  <p>Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability.  Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <url>https://seclists.org/oss-sec/2024/q2/296</url>;
+    </references>
+    <dates>
+      <discovery>2024-06-22</discovery>
+      <entry>2024-06-23</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="82830965-3073-11ef-a17d-5404a68ad561">
     <topic>traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability</topic>
     <affects>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202406232138.45NLc0oI047031>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation