Updated emacs packages fix security vulnerabilities
Publication date: 31 Mar 2024
Modification date: 31 Mar 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-30202, CVE-2024-30203, CVE-2024-30204, CVE-2024-30205
Description
- In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. (CVE-2024-30202)
- In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203)
- In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. (CVE-2024-30204)
- In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. (CVE-2024-30205)
References
- https://bugs.mageia.org/show_bug.cgi?id=33019
- https://www.openwall.com/lists/oss-security/2024/03/24/1
- https://www.openwall.com/lists/oss-security/2024/03/25/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30202
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30203
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30204
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30205
SRPMS
9/core
- emacs-28.2-10.1.mga9