ELA-861-1 emacs24 security update

arbitrary shell command execution

2023-06-03
Packageemacs24
Version24.4+1-5+deb8u2 (jessie), 24.5+1-11+deb9u2 (stretch)
Related CVEs CVE-2022-48339 CVE-2023-28617


Xi Lu discovered that missing input sanitizing in Emacs could result in the execution of arbitrary shell commands.



For Debian 8 jessie, these problems have been fixed in version 24.4+1-5+deb8u2.

For Debian 9 stretch, these problems have been fixed in version 24.5+1-11+deb9u2.

We recommend that you upgrade your emacs24 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.