[SECURITY] [DSA 5314-1] emacs security update

2023-01-1118:59:48

lists.debian.org

emacs

input sanitising

vulnerability

patched

debian

cve-2022-45939

shell commands

security update

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

Debian Security Advisory DSA-5314-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 11, 2023 https://www.debian.org/security/faq

Package : emacs
CVE ID : CVE-2022-45939
Debian Bug : 1025009

It was discovered that missing input sanitising in the ctags functionality
of Emacs may result in the execution of arbitrary shell commands.

For the stable distribution (bullseye), this problem has been fixed in
version 1:27.1+1-3.1+deb11u1.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/emacs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10allemacs23-nox< 1:26.1+1-3.2+deb10u3emacs23-nox_1:26.1+1-3.2+deb10u3_all.deb
Debian10i386emacs-bin-common< 1:26.1+1-3.2+deb10u3emacs-bin-common_1:26.1+1-3.2+deb10u3_i386.deb
Debian11mips64elemacs-gtk< 1:27.1+1-3.1+deb11u1emacs-gtk_1:27.1+1-3.1+deb11u1_mips64el.deb
Debian11arm64emacs-nox-dbgsym< 1:27.1+1-3.1+deb11u1emacs-nox-dbgsym_1:27.1+1-3.1+deb11u1_arm64.deb
Debian10i386emacs-lucid< 1:26.1+1-3.2+deb10u3emacs-lucid_1:26.1+1-3.2+deb10u3_i386.deb
Debian10amd64emacs-bin-common< 1:26.1+1-3.2+deb10u3emacs-bin-common_1:26.1+1-3.2+deb10u3_amd64.deb
Debian11amd64emacs-gtk< 1:27.1+1-3.1+deb11u1emacs-gtk_1:27.1+1-3.1+deb11u1_amd64.deb
Debian11armhfemacs-lucid< 1:27.1+1-3.1+deb11u1emacs-lucid_1:27.1+1-3.1+deb11u1_armhf.deb
Debian11amd64emacs-lucid< 1:27.1+1-3.1+deb11u1emacs-lucid_1:27.1+1-3.1+deb11u1_amd64.deb
Debian11ppc64elemacs-lucid< 1:27.1+1-3.1+deb11u1emacs-lucid_1:27.1+1-3.1+deb11u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	emacs23-nox	< 1:26.1+1-3.2+deb10u3	emacs23-nox_1:26.1+1-3.2+deb10u3_all.deb
Debian	10	i386	emacs-bin-common	< 1:26.1+1-3.2+deb10u3	emacs-bin-common_1:26.1+1-3.2+deb10u3_i386.deb
Debian	11	mips64el	emacs-gtk	< 1:27.1+1-3.1+deb11u1	emacs-gtk_1:27.1+1-3.1+deb11u1_mips64el.deb
Debian	11	arm64	emacs-nox-dbgsym	< 1:27.1+1-3.1+deb11u1	emacs-nox-dbgsym_1:27.1+1-3.1+deb11u1_arm64.deb
Debian	10	i386	emacs-lucid	< 1:26.1+1-3.2+deb10u3	emacs-lucid_1:26.1+1-3.2+deb10u3_i386.deb
Debian	10	amd64	emacs-bin-common	< 1:26.1+1-3.2+deb10u3	emacs-bin-common_1:26.1+1-3.2+deb10u3_amd64.deb
Debian	11	amd64	emacs-gtk	< 1:27.1+1-3.1+deb11u1	emacs-gtk_1:27.1+1-3.1+deb11u1_amd64.deb
Debian	11	armhf	emacs-lucid	< 1:27.1+1-3.1+deb11u1	emacs-lucid_1:27.1+1-3.1+deb11u1_armhf.deb
Debian	11	amd64	emacs-lucid	< 1:27.1+1-3.1+deb11u1	emacs-lucid_1:27.1+1-3.1+deb11u1_amd64.deb
Debian	11	ppc64el	emacs-lucid	< 1:27.1+1-3.1+deb11u1	emacs-lucid_1:27.1+1-3.1+deb11u1_ppc64el.deb