oss-sec mailing list archives

Shell command and Emacs Lisp code injection in emacsclient-mail.desktop


From: Gabriel Corona <gabriel.corona () free fr>
Date: Wed, 8 Mar 2023 12:37:29 +0100

emacsclient-mail.desktop is vulnerable to shell command
injections and Emacs Lisp injections through a crafted
mailto: URI.

This has been introduced in Emacs 28.1:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c

A fix for shell command injection is currently included
in the upcoming 28.3 branch:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467

A fix for both is currently included in the upcoming 29.1 branch:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc
