In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning
on Org mode. This affects Org Mode before 9.6.23.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | emacs | < any | UNKNOWN |
ubuntu | 22.04 | noarch | emacs | < any | UNKNOWN |
ubuntu | 24.04 | noarch | emacs | < any | UNKNOWN |
ubuntu | 16.04 | noarch | emacs24 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | emacs25 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | org-mode | < any | UNKNOWN |
ubuntu | 20.04 | noarch | org-mode | < any | UNKNOWN |
ubuntu | 22.04 | noarch | org-mode | < any | UNKNOWN |
ubuntu | 24.04 | noarch | org-mode | < any | UNKNOWN |
ubuntu | 16.04 | noarch | org-mode | < any | UNKNOWN |
git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb
git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9
launchpad.net/bugs/cve/CVE-2024-30202
list.orgmode.org/[email protected]/T/#t
lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
nvd.nist.gov/vuln/detail/CVE-2024-30202
security-tracker.debian.org/tracker/CVE-2024-30202
www.cve.org/CVERecord?id=CVE-2024-30202
www.openwall.com/lists/oss-security/2024/03/24/1