MGASA-2024-0104

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0104.html

Import Source

https://advisories.mageia.org/MGASA-2024-0104.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0104

Related

CVE-2024-30202
CVE-2024-30203
CVE-2024-30204
CVE-2024-30205

Published

2024-03-31T03:27:58Z

Modified

2024-03-31T03:13:04Z

Summary

Updated emacs packages fix security vulnerabilities

Details

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. (CVE-2024-30202) In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. (CVE-2024-30204) In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. (CVE-2024-30205)

References

https://advisories.mageia.org/MGASA-2024-0104.html
https://bugs.mageia.org/show_bug.cgi?id=33019
https://www.openwall.com/lists/oss-security/2024/03/24/1
https://www.openwall.com/lists/oss-security/2024/03/25/2

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2024-0104

Affected packages