Posted on March 6

Red Hat: CVE-2024-39331: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (Multiple Advisories)

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/23/2024
Created: 09/11/2024
Added: 09/10/2024
Modified: 09/25/2024

Description

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

Solution(s)

redhat-upgrade-emacs
redhat-upgrade-emacs-common
redhat-upgrade-emacs-common-debuginfo
redhat-upgrade-emacs-debuginfo
redhat-upgrade-emacs-debugsource
redhat-upgrade-emacs-filesystem
redhat-upgrade-emacs-lucid
redhat-upgrade-emacs-lucid-debuginfo
redhat-upgrade-emacs-nox
redhat-upgrade-emacs-nox-debuginfo
redhat-upgrade-emacs-terminal

References

CVE-2024-39331
RHSA-2024:6203
RHSA-2024:6510
RHSA-2024:6987