FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
4f6c4c07-3179-11ef-9da5-1c697a616631 | emacs -- Arbitrary shell code evaluation vulnerability
GNU Emacs developers report:
Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.
Discovery 2024-06-22 Entry 2024-06-23 emacs
emacs-canna
emacs-nox
emacs-wayland
< 29.3_3,3
emacs-devel
emacs-devel-nox
< 30.0.50.20240615_1,3
https://seclists.org/oss-sec/2024/q2/296
|
f661184a-eb90-11ee-92fc-1c697a616631 | emacs -- multiple vulnerabilities
GNU Emacs developers report:
Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities.
- Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.
- New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution.
- Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer.
- LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value.
- Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'.
Discovery 2024-03-24 Entry 2024-03-26 emacs
emacs-canna
emacs-nox
< 29.3,3
CVE-2024-30202
CVE-2024-30203
CVE-2024-30204
CVE-2024-30205
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3
|