Bugzilla – Bug 1222049
VUL-0: CVE-2024-30202: emacs: arbitrary Lisp code is evaluated as part of turning on Org mode
Last modified: 2024-07-19 08:56:40 UTC
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-30202
https://www.cve.org/CVERecord?id=CVE-2024-30202
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29

Patch:
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d
(In reply to SMASH SMASH from comment #0)
> In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on
> Org mode. This affects Org Mode before 9.6.23.
>
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-30202
> https://www.cve.org/CVERecord?id=CVE-2024-30202
> https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
>
> Patch:
> https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877
> https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d

Mistyped, patches for this CVE are:
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb
- https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9
As Factory is fixed ... is this valid for SLE-15 or SLE-12?

SLE-15-SP4/emacs-27.2> pkgtouch -p1 ../CVE-2024-30202.patch
2 out of 2 hunks FAILED -- saving rejects to file lisp/org/org-macro.el.rej
(In reply to Andrea Mattiazzo from comment #4)
> (In reply to Andrea Mattiazzo from comment #3)
> > Looking through the code:
> >
> > Tracking as affected:
> > - SUSE:ALP:Source:Standard:1.0/emacs SR#324964