Univention Bugzilla – Bug 55541
emacs: Multiple issues (5.0)
Last modified: 2023-01-13 15:50:05 CET
New Debian emacs 1:26.1+1-3.2+deb10u3 fixes:

This update addresses the following issue:
* ctags local command execution vulnerability (CVE-2022-45939)
--- mirror/ftp/pool/main/e/emacs/emacs_26.1+1-3.2+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/emacs_26.1+1-3.2+deb10u3.dsc @@ -1,3 +1,12 @@ +1:26.1+1-3.2+deb10u3 [Sat, 31 Dec 2022 12:40:43 +0000] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the Debian LTS team. + CVE-2022-45939: Prevent an issue where attackers could have executed + arbitrary commands via shell metacharacters in the name of a source-code + file. This was because lib-src/etags.c used the system(3) library function + when calling the ctags binary. (Closes: #1025009) + * Drop upstream's .gitignore. + 1:26.1+1-3.2+deb10u2 [Fri, 22 Jan 2021 19:42:27 -0600] Rob Browning <rlb@defaultvalue.org>: * Don't crash with OpenPGP User IDs with no e-mail address. Add <http://piuparts.knut.univention.de/5.0-2/#6800914901537750748>
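Review bot: the new 1:26.1+1-3.2+deb10u3 entry names the cause of CVE-2022-45939 (lib-src/etags.c calling system(3), with shell metacharacters in a source file name reaching the shell) but not the remedy, so the fix cannot be checked from the changelog alone. Name the patch that carries it and say in a few words what replaces the system(3) call. The "Drop upstream's .gitignore" item in the same entry is unrelated to the CVE; a short reason for including it in a security upload would make the entry easier to audit.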
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 2bdc0d9909 Bug #55541: emacs 1:26.1+1-3.2+deb10u3
 doc/errata/staging/emacs.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x529>