[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1074136: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

Source: org-mode
Version: 9.6.28+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:29.3+1-3

Hi

There is a new vulnerability in Emacs Org mode. Details:

https://www.openwall.com/lists/oss-security/2024/06/23/1

Upstream fix (in org-mode);

https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8

Regards,
Salvatore
Reply to: