From e9c72a3c944e307ce9cee246ef49e05c2340bf1a Mon Sep 17 00:00:00 2001 From: Joseph Mingrone Date: Tue, 26 Mar 2024 14:05:50 -0300 Subject: security/vuxml: Document vulns in Emacs prior to version 29.3 Obtained from: https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3 Sponsored by: The FreeBSD Foundation --- security/vuxml/vuln/2024.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 25b61253c797..c455477eb735 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,41 @@ + + emacs -- multiple vulnerabilities + + + emacs + emacs-canna + emacs-nox + 29.3,3 + + + + +

GNU Emacs developers report:

+
+

Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities.

+
    +
  • Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.
  • +
  • New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution.
  • +
  • Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer.
  • +
  • LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value.
  • +
  • Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'.
  • +
+
+ +
+ + CVE-2024-30202 + CVE-2024-30203 + CVE-2024-30204 + CVE-2024-30205 + https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3 + + + 2024-03-24 + 2024-03-26 + +
+ chromium -- multiple security fixes -- cgit v1.2.3
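Review bot: The affected-package list in the new entry names only emacs, emacs-canna and emacs-nox at 29.3,3; please confirm that no other flavor or development port built from the same source needs its own name and range here, since a package that is not listed will not be matched by this entry. Separately, the description quotes five NEWS items while the references list four CVEs (CVE-2024-30202 through CVE-2024-30205) with nothing tying a given CVE to a given change. A short mapping in the description would make the entry easier to act on, as would trimming the quote to the items that correspond to a CVE. The discovery date of 2024-03-24 is also worth a second look against the release announcement, because the only cited source is the NEWS file.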