oss-sec mailing list archives

Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop

From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 9 Mar 2023 08:15:14 +0100

Hi,

On Wed, Mar 08, 2023 at 12:37:29PM +0100, Gabriel Corona wrote:

emacsclient-mail.desktop is vulnerable to shell command
injections and Emacs Lisp injections through a crafted
mailto: URI.


Two CVEs are assigned by MITRE:


This has been introduced in Emacs 28.1:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c

A fix for shell command injection is currently included
in the upcoming 28.3 branch:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467


CVE-2023-27985


A fix for both is currently included in the upcoming 29.1 branch:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc


CVE-2023-27986

Regards,
Salvatore

Current thread:

Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Gabriel Corona (Mar 08)
- Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Salvatore Bonaccorso (Mar 08)