FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4f6c4c07-3179-11ef-9da5-1c697a616631emacs -- Arbitrary shell code evaluation vulnerability

GNU Emacs developers report:

Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.


Discovery 2024-06-22
Entry 2024-06-23
emacs
emacs-canna
emacs-nox
emacs-wayland
< 29.3_3,3

emacs-devel
emacs-devel-nox
< 30.0.50.20240615_1,3

https://seclists.org/oss-sec/2024/q2/296
f661184a-eb90-11ee-92fc-1c697a616631emacs -- multiple vulnerabilities

GNU Emacs developers report:

Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities.

  • Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.
  • New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution.
  • Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer.
  • LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value.
  • Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'.

Discovery 2024-03-24
Entry 2024-03-26
emacs
emacs-canna
emacs-nox
< 29.3,3

CVE-2024-30202
CVE-2024-30203
CVE-2024-30204
CVE-2024-30205
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3