FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-02 08:16:04 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f661184a-eb90-11ee-92fc-1c697a616631	emacs -- multiple vulnerabilities GNU Emacs developers report: Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities. Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code. New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution. Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer. LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value. Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'. Discovery 2024-03-24 Entry 2024-03-26 emacs emacs-canna emacs-nox < 29.3,3 CVE-2024-30202 CVE-2024-30203 CVE-2024-30204 CVE-2024-30205 https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3
4f6c4c07-3179-11ef-9da5-1c697a616631	emacs -- Arbitrary shell code evaluation vulnerability GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code. Discovery 2024-06-22 Entry 2024-06-23 emacs emacs-canna emacs-nox emacs-wayland < 29.3_3,3 emacs-devel emacs-devel-nox < 30.0.50.20240615_1,3 https://seclists.org/oss-sec/2024/q2/296

VuXML ID

Description

f661184a-eb90-11ee-92fc-1c697a616631

emacs -- multiple vulnerabilities

GNU Emacs developers report:

Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities.

Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.

New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution.

Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer.

LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value.

Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'.

Discovery 2024-03-24
Entry 2024-03-26
emacs
emacs-canna
emacs-nox

< 29.3,3

CVE-2024-30202
CVE-2024-30203
CVE-2024-30204
CVE-2024-30205
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3

4f6c4c07-3179-11ef-9da5-1c697a616631

emacs -- Arbitrary shell code evaluation vulnerability

GNU Emacs developers report:

Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.

Discovery 2024-06-22
Entry 2024-06-23
emacs
emacs-canna
emacs-nox
emacs-wayland

< 29.3_3,3

emacs-devel
emacs-devel-nox

< 30.0.50.20240615_1,3

https://seclists.org/oss-sec/2024/q2/296