oss-sec mailing list archives
Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 9 Mar 2023 08:15:14 +0100
Hi,

On Wed, Mar 08, 2023 at 12:37:29PM +0100, Gabriel Corona wrote:
> emacsclient-mail.desktop is vulnerable to shell command injections and
> Emacs Lisp injections through a crafted mailto: URI.

Two CVEs have been assigned by MITRE:

> This has been introduced in Emacs 28.1:
> http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c
>
> A fix for shell command injection is currently included in the upcoming 28.3 branch:
> http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467

CVE-2023-27985

> A fix for both is currently included in the upcoming 29.1 branch:
> http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc

CVE-2023-27986

Regards,
Salvatore
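The thread above names two injection layers in a mailto: handler: the shell that parses the Exec command line, and the Emacs Lisp reader that parses whatever ends up in an --eval argument. The following Python is an added illustration of that bug class and of the quoting that closes each layer; it is not the Emacs project's code, not the reporter's, and it does not reproduce the actual contents of emacsclient-mail.desktop or its fixes. The handler name `message-mailto`, the URIs, and the helper names are assumptions made for the example only.

```python
"""Added example (not Emacs' or the reporter's code): why splicing a mailto: URI
into an --eval form is injectable at two layers, and what quoting closes each."""
import shlex

# Constructed inputs for the example, not taken from the advisory.
BENIGN_URI = "mailto:alice@example.org?subject=hi"
# A double quote ends the Lisp string literal early; the rest is read as code.
LISP_CRAFTED_URI = 'mailto:alice@example.org") (shell-command "id'
# Shell metacharacters a shell would act on if the URI were pasted into `sh -c`.
SHELL_CRAFTED_URI = "mailto:alice@example.org?subject=$(id);touch /tmp/x"


def vulnerable_form(uri: str) -> str:
    """Naive interpolation: the URI lands inside the string literal verbatim."""
    return f'(message-mailto "{uri}")'  # message-mailto: assumed handler name


def lisp_string_literal(s: str) -> str:
    """Quote S as an Emacs Lisp string literal. Inside "..." only backslash and
    double quote are special, so escaping exactly those two is sufficient."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def hardened_form(uri: str) -> str:
    return f"(message-mailto {lisp_string_literal(uri)})"


def hardened_argv(uri: str) -> list:
    """The form travels as one argv element, so no shell ever parses it."""
    return ["emacsclient", "--eval", hardened_form(uri)]


def hardened_shell_line(uri: str) -> str:
    """If a shell cannot be avoided, quote each argv element so that a POSIX
    shell splits the line back into exactly hardened_argv(uri)."""
    return shlex.join(hardened_argv(uri))


def shell_round_trips(uri: str) -> bool:
    """True when shell word-splitting of the quoted line reproduces argv."""
    return shlex.split(hardened_shell_line(uri)) == hardened_argv(uri)


def read_forms(src: str) -> list:
    """Tiny reader for the Lisp subset used here: lists, strings with backslash
    escapes, symbols. Returns the top-level forms; symbols are ('sym', name)
    tuples, strings are str, lists are list."""
    forms, stack, i = [], [], 0

    def emit(x):
        (stack[-1] if stack else forms).append(x)

    while i < len(src):
        c = src[i]
        if c.isspace():
            i += 1
        elif c == "(":
            stack.append([])
            i += 1
        elif c == ")":
            if not stack:
                raise ValueError("unbalanced ')'")
            emit(stack.pop())
            i += 1
        elif c == '"':
            buf, i = [], i + 1
            while True:
                if i >= len(src):
                    raise ValueError("unterminated string")
                c = src[i]
                if c == "\\":
                    if i + 1 >= len(src):
                        raise ValueError("dangling backslash")
                    buf.append(src[i + 1])  # \" and \\ stand for " and \
                    i += 2
                elif c == '"':
                    i += 1
                    break
                else:
                    buf.append(c)
                    i += 1
            emit("".join(buf))
        else:
            j = i
            while j < len(src) and not src[j].isspace() and src[j] not in '()"':
                j += 1
            emit(("sym", src[i:j]))
            i = j
    if stack:
        raise ValueError("unbalanced '('")
    return forms


def lisp_injected(form_src: str) -> bool:
    """True unless the reader sees exactly one (message-mailto "<string>") call."""
    try:
        forms = read_forms(form_src)
    except ValueError:
        return True
    return not (len(forms) == 1 and len(forms[0]) == 2
                and forms[0][0] == ("sym", "message-mailto")
                and isinstance(forms[0][1], str))


def mailto_argument(form_src: str) -> str:
    """The string the handler would actually receive for this form."""
    return read_forms(form_src)[0][1]
```

Running `read_forms(vulnerable_form(LISP_CRAFTED_URI))` shows the crafted URI turning one call into two top-level forms, while `hardened_form` hands the handler the URI byte-for-byte, and `shell_round_trips(SHELL_CRAFTED_URI)` shows that `$(...)` and `;` survive word-splitting only as literal text once every argument is quoted.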
Current thread:
- Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Gabriel Corona (Mar 08)
- Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Salvatore Bonaccorso (Mar 08)