diff options
author | Joseph Mingrone <jrm@FreeBSD.org> | 2024-03-26 17:05:50 +0000 |
---|---|---|
committer | Joseph Mingrone <jrm@FreeBSD.org> | 2024-03-26 17:44:35 +0000 |
commit | e9c72a3c944e307ce9cee246ef49e05c2340bf1a (patch) | |
tree | 8fd794a8c730d1def561d5874e29de1b068a1a30 | |
parent | 2b74e8c0ebd7a9ec905d5273a05a107ea098dc42 (diff) | |
download | ports-e9c72a3c944e307ce9cee246ef49e05c2340bf1a.tar.gz ports-e9c72a3c944e307ce9cee246ef49e05c2340bf1a.zip |
security/vuxml: Document vulns in Emacs prior to version 29.3
Obtained from: https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3
Sponsored by: The FreeBSD Foundation
-rw-r--r-- | security/vuxml/vuln/2024.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 25b61253c797..c455477eb735 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,41 @@ + <vuln vid="f661184a-eb90-11ee-92fc-1c697a616631"> + <topic>emacs -- multiple vulnerabilities</topic> + <affects> + <package> + <name>emacs</name> + <name>emacs-canna</name> + <name>emacs-nox</name> + <range><lt>29.3,3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>GNU Emacs developers report:</p> + <blockquote cite="https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3"> + <p>Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities.</p> + <ul> + <li>Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.</li> + <li>New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution.</li> + <li>Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer.</li> + <li>LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value.</li> + <li>Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-30202</cvename> + <cvename>CVE-2024-30203</cvename> + <cvename>CVE-2024-30204</cvename> + <cvename>CVE-2024-30205</cvename> + <url>https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3</url> + </references> + <dates> + <discovery>2024-03-24</discovery> + <entry>2024-03-26</entry> + </dates> + </vuln> + <vuln vid="80815c47-e84f-11ee-8e76-a8a1599412c6"> <topic>chromium -- multiple security fixes</topic> <affects> |