{"schema_version":"1.7.2","id":"OESA-2023-1185","modified":"2023-03-31T11:05:05Z","published":"2023-03-31T11:05:05Z","upstream":["CVE-2023-28617"],"summary":"emacs security update","details":"Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\norg-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.(CVE-2023-28617)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"emacs","purl":"pkg:rpm/openEuler/emacs\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"27.1-11.oe1"}]}],"ecosystem_specific":{"aarch64":["emacs-27.1-11.oe1.aarch64.rpm","emacs-devel-27.1-11.oe1.aarch64.rpm","emacs-nox-27.1-11.oe1.aarch64.rpm","emacs-common-27.1-11.oe1.aarch64.rpm","emacs-lucid-27.1-11.oe1.aarch64.rpm","emacs-debugsource-27.1-11.oe1.aarch64.rpm","emacs-debuginfo-27.1-11.oe1.aarch64.rpm"],"noarch":["emacs-terminal-27.1-11.oe1.noarch.rpm","emacs-filesystem-27.1-11.oe1.noarch.rpm","emacs-help-27.1-11.oe1.noarch.rpm"],"src":["emacs-27.1-11.oe1.src.rpm"],"x86_64":["emacs-27.1-11.oe1.x86_64.rpm","emacs-debugsource-27.1-11.oe1.x86_64.rpm","emacs-common-27.1-11.oe1.x86_64.rpm","emacs-debuginfo-27.1-11.oe1.x86_64.rpm","emacs-devel-27.1-11.oe1.x86_64.rpm","emacs-nox-27.1-11.oe1.x86_64.rpm","emacs-lucid-27.1-11.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"emacs","purl":"pkg:rpm/openEuler/emacs\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"27.1-9.oe1"}]}],"ecosystem_specific":{"aarch64":["emacs-27.1-9.oe1.aarch64.rpm","emacs-debuginfo-27.1-9.oe1.aarch64.rpm","emacs-nox-27.1-9.oe1.aarch64.rpm","emacs-common-27.1-9.oe1.aarch64.rpm","emacs-devel-27.1-9.oe1.aarch64.rpm","emacs-debugsource-27.1-9.oe1.aarch64.rpm","emacs-lucid-27.1-9.oe1.aarch64.rpm"],"noarch":["emacs-terminal-27.1-9.oe1.noarch.rpm","emacs-help-27.1-9.oe1.noarch.rpm","emacs-filesystem-27.1-9.oe1.noarch.rpm"],"src":["emacs-27.1-9.oe1.src.rpm"],"x86_64":["emacs-common-27.1-9.oe1.x86_64.rpm","emacs-debugsource-27.1-9.oe1.x86_64.rpm","emacs-27.1-9.oe1.x86_64.rpm","emacs-nox-27.1-9.oe1.x86_64.rpm","emacs-devel-27.1-9.oe1.x86_64.rpm","emacs-lucid-27.1-9.oe1.x86_64.rpm","emacs-debuginfo-27.1-9.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"emacs","purl":"pkg:rpm/openEuler/emacs\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"27.2-10.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["emacs-common-27.2-10.oe2203.aarch64.rpm","emacs-nox-27.2-10.oe2203.aarch64.rpm","emacs-debuginfo-27.2-10.oe2203.aarch64.rpm","emacs-debugsource-27.2-10.oe2203.aarch64.rpm","emacs-27.2-10.oe2203.aarch64.rpm","emacs-lucid-27.2-10.oe2203.aarch64.rpm","emacs-devel-27.2-10.oe2203.aarch64.rpm","emacs-27.2-10.oe2203sp1.aarch64.rpm","emacs-common-27.2-10.oe2203sp1.aarch64.rpm","emacs-nox-27.2-10.oe2203sp1.aarch64.rpm","emacs-debuginfo-27.2-10.oe2203sp1.aarch64.rpm","emacs-debugsource-27.2-10.oe2203sp1.aarch64.rpm","emacs-lucid-27.2-10.oe2203sp1.aarch64.rpm","emacs-devel-27.2-10.oe2203sp1.aarch64.rpm"],"noarch":["emacs-help-27.2-10.oe2203.noarch.rpm","emacs-terminal-27.2-10.oe2203.noarch.rpm","emacs-filesystem-27.2-10.oe2203.noarch.rpm","emacs-terminal-27.2-10.oe2203sp1.noarch.rpm","emacs-help-27.2-10.oe2203sp1.noarch.rpm","emacs-filesystem-27.2-10.oe2203sp1.noarch.rpm"],"src":["emacs-27.2-10.oe2203.src.rpm","emacs-27.2-10.oe2203sp1.src.rpm"],"x86_64":["emacs-nox-27.2-10.oe2203.x86_64.rpm","emacs-27.2-10.oe2203.x86_64.rpm","emacs-debuginfo-27.2-10.oe2203.x86_64.rpm","emacs-devel-27.2-10.oe2203.x86_64.rpm","emacs-common-27.2-10.oe2203.x86_64.rpm","emacs-lucid-27.2-10.oe2203.x86_64.rpm","emacs-debugsource-27.2-10.oe2203.x86_64.rpm","emacs-debuginfo-27.2-10.oe2203sp1.x86_64.rpm","emacs-nox-27.2-10.oe2203sp1.x86_64.rpm","emacs-27.2-10.oe2203sp1.x86_64.rpm","emacs-lucid-27.2-10.oe2203sp1.x86_64.rpm","emacs-debugsource-27.2-10.oe2203sp1.x86_64.rpm","emacs-common-27.2-10.oe2203sp1.x86_64.rpm","emacs-devel-27.2-10.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"emacs","purl":"pkg:rpm/openEuler/emacs\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"27.2-10.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["emacs-27.2-10.oe2203sp1.aarch64.rpm","emacs-common-27.2-10.oe2203sp1.aarch64.rpm","emacs-nox-27.2-10.oe2203sp1.aarch64.rpm","emacs-debuginfo-27.2-10.oe2203sp1.aarch64.rpm","emacs-debugsource-27.2-10.oe2203sp1.aarch64.rpm","emacs-lucid-27.2-10.oe2203sp1.aarch64.rpm","emacs-devel-27.2-10.oe2203sp1.aarch64.rpm"],"noarch":["emacs-terminal-27.2-10.oe2203sp1.noarch.rpm","emacs-help-27.2-10.oe2203sp1.noarch.rpm","emacs-filesystem-27.2-10.oe2203sp1.noarch.rpm"],"src":["emacs-27.2-10.oe2203sp1.src.rpm"],"x86_64":["emacs-debuginfo-27.2-10.oe2203sp1.x86_64.rpm","emacs-nox-27.2-10.oe2203sp1.x86_64.rpm","emacs-27.2-10.oe2203sp1.x86_64.rpm","emacs-lucid-27.2-10.oe2203sp1.x86_64.rpm","emacs-debugsource-27.2-10.oe2203sp1.x86_64.rpm","emacs-common-27.2-10.oe2203sp1.x86_64.rpm","emacs-devel-27.2-10.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1185"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28617"}],"database_specific":{"severity":"Critical"}}