Advisories » MGASA-2024-0276

Updated emacs packages improve Wayland support and fix a security vulnerability

Publication date: 31 Jul 2024
Modification date: 31 Jul 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-39331

Description

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a
%(...) link abbrev even when it specifies an unsafe function, such as
shell-command-to-string. (CVE-2024-39331)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33433
• https://lists.suse.com/pipermail/sle-security-updates/2024-July/019003.html
• https://bugs.mageia.org/show_bug.cgi?id=33241
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39331

SRPMS

9/core

• emacs-29.4-1.mga9