{"schema_version":"1.7.2","id":"OESA-2022-2131","modified":"2022-12-09T11:04:40Z","published":"2022-12-09T11:04:40Z","upstream":["CVE-2022-45939"],"summary":"emacs security update","details":"Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the \u0026quot;ctags *\u0026quot; command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-45939)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"emacs","purl":"pkg:rpm/openEuler/emacs\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"27.1-9.oe1"}]}],"ecosystem_specific":{"aarch64":["emacs-devel-27.1-9.oe1.aarch64.rpm","emacs-debugsource-27.1-9.oe1.aarch64.rpm","emacs-common-27.1-9.oe1.aarch64.rpm","emacs-nox-27.1-9.oe1.aarch64.rpm","emacs-debuginfo-27.1-9.oe1.aarch64.rpm","emacs-lucid-27.1-9.oe1.aarch64.rpm","emacs-27.1-9.oe1.aarch64.rpm"],"noarch":["emacs-terminal-27.1-9.oe1.noarch.rpm","emacs-help-27.1-9.oe1.noarch.rpm","emacs-filesystem-27.1-9.oe1.noarch.rpm"],"src":["emacs-27.1-9.oe1.src.rpm"],"x86_64":["emacs-nox-27.1-9.oe1.x86_64.rpm","emacs-debuginfo-27.1-9.oe1.x86_64.rpm","emacs-27.1-9.oe1.x86_64.rpm","emacs-lucid-27.1-9.oe1.x86_64.rpm","emacs-devel-27.1-9.oe1.x86_64.rpm","emacs-debugsource-27.1-9.oe1.x86_64.rpm","emacs-common-27.1-9.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"emacs","purl":"pkg:rpm/openEuler/emacs\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"27.1-7.oe1"}]}],"ecosystem_specific":{"aarch64":["emacs-nox-27.1-7.oe1.aarch64.rpm","emacs-27.1-7.oe1.aarch64.rpm","emacs-common-27.1-7.oe1.aarch64.rpm","emacs-debugsource-27.1-7.oe1.aarch64.rpm","emacs-debuginfo-27.1-7.oe1.aarch64.rpm","emacs-devel-27.1-7.oe1.aarch64.rpm","emacs-lucid-27.1-7.oe1.aarch64.rpm"],"noarch":["emacs-help-27.1-7.oe1.noarch.rpm","emacs-filesystem-27.1-7.oe1.noarch.rpm","emacs-terminal-27.1-7.oe1.noarch.rpm"],"src":["emacs-27.1-7.oe1.src.rpm"],"x86_64":["emacs-lucid-27.1-7.oe1.x86_64.rpm","emacs-nox-27.1-7.oe1.x86_64.rpm","emacs-debugsource-27.1-7.oe1.x86_64.rpm","emacs-debuginfo-27.1-7.oe1.x86_64.rpm","emacs-27.1-7.oe1.x86_64.rpm","emacs-devel-27.1-7.oe1.x86_64.rpm","emacs-common-27.1-7.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"emacs","purl":"pkg:rpm/openEuler/emacs\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"27.2-8.oe2203"}]}],"ecosystem_specific":{"aarch64":["emacs-debuginfo-27.2-8.oe2203.aarch64.rpm","emacs-devel-27.2-8.oe2203.aarch64.rpm","emacs-debugsource-27.2-8.oe2203.aarch64.rpm","emacs-27.2-8.oe2203.aarch64.rpm","emacs-common-27.2-8.oe2203.aarch64.rpm","emacs-lucid-27.2-8.oe2203.aarch64.rpm","emacs-nox-27.2-8.oe2203.aarch64.rpm"],"noarch":["emacs-help-27.2-8.oe2203.noarch.rpm","emacs-terminal-27.2-8.oe2203.noarch.rpm","emacs-filesystem-27.2-8.oe2203.noarch.rpm"],"src":["emacs-27.2-8.oe2203.src.rpm"],"x86_64":["emacs-27.2-8.oe2203.x86_64.rpm","emacs-devel-27.2-8.oe2203.x86_64.rpm","emacs-lucid-27.2-8.oe2203.x86_64.rpm","emacs-debugsource-27.2-8.oe2203.x86_64.rpm","emacs-common-27.2-8.oe2203.x86_64.rpm","emacs-debuginfo-27.2-8.oe2203.x86_64.rpm","emacs-nox-27.2-8.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2131"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45939"}],"database_specific":{"severity":"High"}}