Debian 10264 Published by

Updated GNU Emacs packages are available for both Debian GNU/Linux 8 (Jessie) and 9 (Stretch) Extended LTS. The updates addresses a security issue that could lead to arbitrary code execution.

ELA-1122-1 emacs24 security update
ELA-1123-1 emacs25 security update




ELA-1122-1 emacs24 security update

Package : emacs24
Version : 24.4+1-5+deb8u5 (jessie), 24.5+1-11+deb9u5 (stretch)

Related CVEs :
CVE-2024-39331

A vulnerability was discovered in GNU Emacs, the extensible, customisable,
self-documenting display editor.
The org-link-expand-abbrev function expanded a %(…) link abbrev even when
the abbrev specified an unsafe function, such as shell-command-to-string.
This could lead to arbitrary code execution as soon as an Org-mode format file
was opened.

ELA-1122-1 emacs24 security update


ELA-1123-1 emacs25 security update

Package : emacs25
Version : 25.1+1-4+deb9u5 (stretch)

Related CVEs :
CVE-2024-39331

A vulnerability was discovered in GNU Emacs, the extensible, customisable,
self-documenting display editor.
The org-link-expand-abbrev function expanded a %(…) link abbrev even when
the abbrev specified an unsafe function, such as shell-command-to-string.
This could lead to arbitrary code execution as soon as an Org-mode format file
was opened.

ELA-1123-1 emacs25 security update