ELA-858-1 emacs25 security update

arbitrary shell command execution

2023-05-30
Packageemacs25
Version25.1+1-4+deb9u2 (stretch)
Related CVEs CVE-2022-45939 CVE-2022-48337 CVE-2022-48339 CVE-2023-28617


Xi Lu discovered that missing input sanitizing in Emacs could result in the execution of arbitrary shell commands.



For Debian 9 stretch, these problems have been fixed in version 25.1+1-4+deb9u2.

We recommend that you upgrade your emacs25 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.