| Package | emacs25 |
|---|---|
| Version | 25.1+1-4+deb9u3 (stretch) |
| Related CVEs | CVE-2024-30203 CVE-2024-30204 CVE-2024-30205 |
Multiple problems were discovered in GNU Emacs, the extensible, customisable, self-documenting display editor.
CVE-2024-30203 & CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments in some Emacs MUAs. This can lead to denial of service.
(A request has been submitted to MITRE to merge these CVE numbers.)
CVE-2024-30205
In Emacs before 29.3, Org mode considers the contents of remote files to be trusted. This affects Org Mode before 9.6.23.
For Debian 9 stretch, these problems have been fixed in version 25.1+1-4+deb9u3.
We recommend that you upgrade your emacs25 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.