| Package | emacs24 |
|---|---|
| Version | 24.4+1-5+deb8u3 (jessie), 24.5+1-11+deb9u3 (stretch) |
| Related CVEs | CVE-2024-30203 CVE-2024-30204 CVE-2024-30205 |
Multiple problems were discovered in GNU Emacs, the extensible, customisable, self-documenting display editor.
CVE-2024-30203 & CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments in some Emacs MUAs. This can lead to denial of service.
(A request has been submitted to MITRE to merge these CVE numbers.)
CVE-2024-30205
In Emacs before 29.3, Org mode considers the contents of remote files to be trusted. This affects Org Mode before 9.6.23.
For Debian 8 jessie, these problems have been fixed in version 24.4+1-5+deb8u3.
For Debian 9 stretch, these problems have been fixed in version 24.5+1-11+deb9u3.
We recommend that you upgrade your emacs24 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.