Fedora Linux 8783 Published by

An emacs security update has been released for Fedora 37.



[SECURITY] Fedora 37 Update: emacs-28.3-0.rc1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-29df561f1d
2023-10-14 01:26:08.208270
--------------------------------------------------------------------------------

Name : emacs
Product : Fedora 37
Version : 28.3
Release : 0.rc1.fc37
URL : http://www.gnu.org/software/emacs/
Summary : GNU Emacs text editor
Description :
Emacs is a powerful, customizable, self-documenting, modeless text
editor. Emacs contains special code editing features, a scripting
language (elisp), and the capability to read mail, news, and more
without leaving the editor.

This package provides an emacs binary with support for X windows.

--------------------------------------------------------------------------------
Update Information:

Upgrade to version 28.3-rc1, fixing CVE-2022-48337, CVE-2022-48338,
CVE-2022-48339.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep 23 2023 Peter Oliver [rpm@mavit.org.uk] - 1:28.3-0.rc1
- Upgrade to version 28.3-rc1, fixing CVE-2022-48337, CVE-2022-48338, CVE-2022-48339.
* Mon Jun 5 2023 Benson Muite [benson_muite@emailplus.org] - 1:28.2-4
- Use SPDX license expression
- Apply patch to prevent infinite loops when editing python files
fixes rhbz#2187041
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2171990 - CVE-2022-48339 emacs: command injection vulnerability in htmlfontify.el [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2171990
[ 2 ] Bug #2171991 - CVE-2022-48338 emacs: local command injection in ruby-mode.el [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2171991
[ 3 ] Bug #2171992 - CVE-2022-48337 emacs: command execution via shell metacharacters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2171992
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-29df561f1d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------