Bugzilla – Bug 1222050
VUL-0: CVE-2024-30205: emacs: Org mode considers contents of remote files to be trusted
Last modified: 2024-07-04 08:30:05 UTC
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-30205 https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 https://www.cve.org/CVERecord?id=CVE-2024-30205 Patch: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877 https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d
Fixed in TW .. is this still valid for SLE-15 and SLE-12 as the patch does not apply in emacs 27.2 SLE-15-SP4/emacs-27.2> pkgtouch -p1 ../CVE-2024-30205.patch 1 out of 1 hunk FAILED -- saving rejects to file lisp/org/org.el.rej
Tracking as affected: - SUSE:ALP:Source:Standard:1.0/emacs - SUSE:SLE-15-SP4:Update/emacs Already fixed: - openSUSE:Factory/emacs
Tracking as affected as marking unsafe remote files are useful for resolution of https://bugzilla.suse.com/show_bug.cgi?id=1222052: - SUSE:SLE-12:Update/emacs - SUSE:SLE-15:Update/emacs
SUSE-SU-2024:1294-1: An update that solves three vulnerabilities can now be installed. Category: security (moderate) Bug References: 1222050, 1222052, 1222053 CVE References: CVE-2024-30203, CVE-2024-30204, CVE-2024-30205 Maintenance Incident: [SUSE:Maintenance:33222](https://smelt.suse.de/incident/33222/) Sources used: openSUSE Leap 15.4 (src): emacs-27.2-150400.3.11.1 openSUSE Leap 15.5 (src): emacs-27.2-150400.3.11.1 Basesystem Module 15-SP5 (src): emacs-27.2-150400.3.11.1 Desktop Applications Module 15-SP5 (src): emacs-27.2-150400.3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1317-1: An update that solves three vulnerabilities can now be installed. Category: security (low) Bug References: 1222050, 1222052, 1222053 CVE References: CVE-2024-30203, CVE-2024-30204, CVE-2024-30205 Maintenance Incident: [SUSE:Maintenance:33335](https://smelt.suse.de/incident/33335/) Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): emacs-24.3-25.17.1 SUSE Linux Enterprise Server 12 SP5 (src): emacs-24.3-25.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): emacs-24.3-25.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2297-1: An update that solves four vulnerabilities can now be installed. Category: security (important) Bug References: 1222050, 1222052, 1222053, 1226957 CVE References: CVE-2024-30203, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331 Maintenance Incident: [SUSE:Maintenance:33336](https://smelt.suse.de/incident/33336/) Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): emacs-25.3-150000.3.22.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): emacs-25.3-150000.3.22.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): emacs-25.3-150000.3.22.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): emacs-25.3-150000.3.22.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): emacs-25.3-150000.3.22.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): emacs-25.3-150000.3.22.1 SUSE Enterprise Storage 7.1 (src): emacs-25.3-150000.3.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.