Bug 13518

Summary: [CVE 21] emacs 28.1 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: critical
Priority: High
CC: a.proklov, e.kosachev, pastordidi, s.matveev, v.potapov, y.tumanov
Version: All
Flags: v.potapov: qa_verified+
       y.tumanov: secteam_verified+
       a.proklov: published+
Target Milestone: 2021.1 Fresh R12
Hardware: All
OS: Linux
URL: CVE-2023-27985, CVE-2023-27986,
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-08-24 00:19:11 MSK
Please patch CVEs for package emacs version 28.1
  
INFO (CVEs are): emacs 28.1 cves found
CVE-2023-27985
Desc: emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-27985
Severity: HIGH
CVE-2023-27986
Desc: emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-27986
Severity: HIGH
Comment 1 Svyatoslav Matveev 2023-09-04 14:58:29 MSK
********** QA ADVISORY **********

The CVEs are closed with patches.

*** emacs
**  28.1 release +1

https://abf.io/build_lists/4680410
https://abf.io/build_lists/4680409
https://abf.io/build_lists/4680408
https://abf.io/build_lists/4680412
https://abf.io/build_lists/4680411
Comment 2 Dmitry Postnikov 2023-09-05 13:54:10 MSK
***************************
The update has been sent to testing
Comment 3 Vladimir Potapov 2023-09-05 16:52:13 MSK
emacs-28.1-4
https://abf.io/build_lists/4680410
https://abf.io/build_lists/4680409
https://abf.io/build_lists/4680408
https://abf.io/build_lists/4680412
https://abf.io/build_lists/4680411
******************** Advisory ***********************
CVEs fix
*****************************************************
QA Verified
Comment 4 Yury 2023-10-19 10:38:32 MSK
secteam_verified