Search CVE reports
1 – 4 of 4 results
Some fixes available 10 of 28
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
6 affected packages
emacs, xemacs21, xemacs21-packages, emacs24, emacs25, org-mode
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs | Fixed | Fixed | Fixed | — |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emacs24 | Not in release | Not in release | Not in release | — |
emacs25 | Not in release | Not in release | Not in release | Fixed |
org-mode | Fixed | Fixed | Fixed | Fixed |
Some fixes available 8 of 26
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
6 affected packages
emacs, xemacs21, xemacs21-packages, emacs24, emacs25, org-mode
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | — |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emacs24 | Not in release | Not in release | Not in release | — |
emacs25 | Not in release | Not in release | Not in release | Fixed |
org-mode | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 27
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
6 affected packages
emacs, xemacs21, xemacs21-packages, emacs24, emacs25, org-mode
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs | Needs evaluation | Needs evaluation | Needs evaluation | — |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emacs24 | Not in release | Not in release | Not in release | — |
emacs25 | Not in release | Not in release | Not in release | Needs evaluation |
org-mode | Fixed | Fixed | Not affected | Not affected |
Some fixes available 5 of 31
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
7 affected packages
org-mode, xemacs21, xemacs21-packages, emacs, emacs23...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
org-mode | Not affected | Fixed | Not affected | Not affected |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emacs | Not affected | Fixed | Fixed | Not in release |
emacs23 | — | Not in release | Not in release | Not in release |
emacs24 | — | Not in release | Not in release | Not in release |
emacs25 | — | Not in release | Not in release | Fixed |