Ubuntu has issued an advisory today (April 6):
https://ubuntu.com/security/notices/USN-6003-1

Mageia 8 is also affected.
Status comment: (none) => Patches available from Ubuntu
Whiteboard: (none) => MGA8TOO
Assigning to ns80, as you did other recent CVE updates for emacs.
Assignee: bugsquad => nicolas.salguero
Suggested advisory:
========================

The updated packages fix a security vulnerability:

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. (CVE-2023-28617)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28617
https://ubuntu.com/security/notices/USN-6003-1
========================

Updated packages in core/updates_testing:
========================
emacs-27.1-1.4.mga8
emacs-common-27.1-1.4.mga8
emacs-doc-27.1-1.4.mga8
emacs-el-27.1-1.4.mga8
emacs-leim-27.1-1.4.mga8
emacs-nox-27.1-1.4.mga8

from SRPM:
emacs-27.1-1.4.mga8.src.rpm
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Source RPM: emacs-28.2-9.mga9.src.rpm => emacs-27.1-1.3.mga8.src.rpm
CC: (none) => nicolas.salguero
Status comment: Patches available from Ubuntu => (none)
CVE: (none) => CVE-2023-28617
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Opened a text file with emacs, but couldn't make any sense of its workings. I'll keep my feelings about it to myself.
Leaving to someone else who can judge whether it works as intended or not.
CC: (none) => herman.viaene
Mageia8, x86_64

An acquired taste maybe, Herman. It is a world in itself and uses Common Lisp at some level (which I do not know). Have been using it for over 40 years in a fairly basic fashion. For editing program code it continues to provide colour coding (like many editors) if an extension is provided: .c, .py, .pl, .rb etc. I use it with a .emacs file which contains shortcuts for several common operations like changing case, moving to a line by number, exporting and importing text files, performing repeated substitutions, splitting windows, etc., which can be bound to unused keys. That all seems to work as before, so it can go out.

The .emacs file is based on one Horst Meyerdierks wrote many years ago.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25
Always good to have a tester that's familiar with the application, Len. Thanks! Validating. Advisory in comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0152.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED