Bug#1074136: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
Source: org-mode
Version: 9.6.28+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:29.3+1-3
Hi
There is a new vulnerability in Emacs Org mode. Details:
https://www.openwall.com/lists/oss-security/2024/06/23/1
Upstream fix (in org-mode):
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
Regards,
Salvatore