ALT-PU-2025-3544-1

Package update emacs in branch sisyphus_loongarch64

Version: 30.1-alt1
Task: #0
Published: 2025-02-25
Max severity: CRITICAL

Closed issues (3)

BDU:2024-10771
CRITICAL 9.8

A vulnerability in the elisp-completion-at-point() and elisp-flymake-byte-compile() functions of the ELisp mode of the Emacs text editor that allows an attacker to execute arbitrary code

Published: 2024-12-05
Modified: 2026-03-04
CVSS 3.x: CRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0: CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2024-53920
HIGH 7.8

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Published: 2024-11-27
Modified: 2025-11-03
CVSS 3.x: HIGH 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Closed bugs (1)

Support for /etc/emacs/site-start.el has stopped working