Advisories » MGASA-2023-0152

Updated emacs packages fix security vulnerability

Publication date: 24 Apr 2023
Modification date: 23 Apr 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-28617

Description

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU
Emacs allows attackers to execute arbitrary commands via a file name or
directory name that contains shell metacharacters. (CVE-2023-28617)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31767
• https://ubuntu.com/security/notices/USN-6003-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28617

SRPMS

8/core

• emacs-27.1-1.4.mga8