INFSA-2024:6987: Emacs security update
Information about definition
Identifier: INFSA-2024:6987
Type: security
Release date: 2024-10-10 10:39:34 UTC
Information about package
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Vulnerabilities description
- CVE-2024-30203
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
- CVE-2024-30205
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
- CVE-2024-39331
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-30203 | no information | 5.5 | no information |
NIST — CVE-2024-30205 | no information | 7.8 | no information |
NIST — CVE-2024-39331 | no information | 7.8 | no information |
Updated packages