FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-05-27 16:00:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4f6c4c07-3179-11ef-9da5-1c697a616631emacs -- Arbitrary shell code evaluation vulnerability

GNU Emacs developers report:

Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.


Discovery 2024-06-22
Entry 2024-06-23
emacs
emacs-canna
emacs-nox
emacs-wayland
< 29.3_3,3

emacs-devel
emacs-devel-nox
< 30.0.50.20240615_1,3

https://seclists.org/oss-sec/2024/q2/296
7ba6c085-1590-491a-98ce-5452646b196fEmacs -- Shell injection vulnerability

Problem Description:

An Emacs user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.


Discovery 2024-11-27
Entry 2025-02-24
emacs
emacs-canna
emacs-nox
emacs-wayland
< 30.1,3

emacs-devel
emacs-devel-nox
< 31.0.50.20250101,3

CVE-2024-53920
https://nvd.nist.gov/vuln/detail/CVE-2024-53920