Bug 934736 (CVE-2024-39331) - <app-editors/emacs-{26.3-r19,27.2-r17,28.2-r13,29.3-r3} <app-emacs/org-mode-9.7.5: org-mode command execution vulnerability
Summary: <app-editors/emacs-{26.3-r19,27.2-r17,28.2-r13,29.3-r3} <app-emacs/org-mode-9...
Status: IN_PROGRESS
Alias: CVE-2024-39331
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Duplicates: 934738 934741 (view as bug list)
Depends on: 934744 934746
Blocks:
Reported: 2024-06-22 16:43 UTC by Sam James
Modified: 2024-11-28 00:00 UTC (History)

See Also:
Package list:
Runtime testing required: ---

Comment 1 Larry the Git Cow gentoo-dev 2024-06-22 19:11:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1517a3daa51dfa707d64365fb681e15ae7c90a1d

commit 1517a3daa51dfa707d64365fb681e15ae7c90a1d
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2024-06-22 19:02:41 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2024-06-22 19:10:41 +0000

    app-editors/emacs: Backport org-mode fix from Emacs 29.4
    
    Bug: https://bugs.gentoo.org/934736
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 app-editors/emacs/Manifest              |   3 +
 app-editors/emacs/emacs-26.3-r19.ebuild | 382 ++++++++++++++++++++++
 app-editors/emacs/emacs-27.2-r17.ebuild | 449 ++++++++++++++++++++++++++
 app-editors/emacs/emacs-28.2-r13.ebuild | 544 ++++++++++++++++++++++++++++++++
 4 files changed, 1378 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1da683c58980d2309322d6e4a6a8dc4791dca923

commit 1da683c58980d2309322d6e4a6a8dc4791dca923
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2024-06-22 17:57:48 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2024-06-22 19:10:39 +0000

    app-editors/emacs: add 29.4
    
    Bug: https://bugs.gentoo.org/934736
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 app-editors/emacs/Manifest          |   2 +
 app-editors/emacs/emacs-29.4.ebuild | 631 ++++++++++++++++++++++++++++++++++++
 2 files changed, 633 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-06-23 10:14:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4554e0e224b1a967661ebb5b63b1d35b544617c5

commit 4554e0e224b1a967661ebb5b63b1d35b544617c5
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2024-06-23 10:09:36 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2024-06-23 10:13:15 +0000

    app-editors/emacs: Backport org-mode fix from Emacs 29.4
    
    Bug: https://bugs.gentoo.org/934736
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 app-editors/emacs/Manifest             |   1 +
 app-editors/emacs/emacs-29.3-r3.ebuild | 631 +++++++++++++++++++++++++++++++++
 2 files changed, 632 insertions(+)
Comment 3 Ulrich Müller gentoo-dev 2024-06-29 20:11:20 UTC
*** Bug 934738 has been marked as a duplicate of this bug. ***
Comment 4 Ulrich Müller gentoo-dev 2024-06-29 20:12:30 UTC
*** Bug 934741 has been marked as a duplicate of this bug. ***
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-09-22 02:23:41 UTC
Doing a GLSA since the remaining arch stabilizations aren't primaries.
Comment 6 Larry the Git Cow gentoo-dev 2024-09-22 09:04:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c5244efc38e02f2f0af5af93f3b49a15bf368da2

commit c5244efc38e02f2f0af5af93f3b49a15bf368da2
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-22 09:04:08 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-22 09:04:22 +0000

    [ GLSA 202409-19 ] Emacs, org-mode: Command Execution Vulnerability
    
    Bug: https://bugs.gentoo.org/934736
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-19.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-11-28 00:00:28 UTC
https://news.ycombinator.com/item?id=40768225 has some interesting discussion which I meant to link at the time about the vulnerability. 

https://news.ycombinator.com/item?id=40769363 especially is notable:
"""
What's of greater importance here is not this specific security issue, but the default configuration of MIME handling in Emacs which can turn any unexpected evaluation bug -which we are likely to see more of- into remote code execution. We've had a previous Org security issue in exactly the same vein [1] and the Emacs MIME defaults are still unsafe. Of course, one can change them (non-trivial and related documentation is extremely confusing, see [2] for a possible solution) but really Emacs should not come with these defaults.

The loss of on-by-default functionality such as Org fontification in email message buffers is in no way as important as being wide open to trivial remote code execution.

[1] https://github.com/emacs-mirror/emacs/commit/befa9fcaae29a6c...

[2] https://xristos.sdf.org/fix-gnus-mime.el.txt
"""

Their fix-gnus-mime.el.txt is:
```elisp
;; See: https://www.gnu.org/software/emacs/manual/html_node/emacs-mime/Display-Customization.html#Display-Customization
(setq
 gnus-inhibit-images t
 mm-html-inhibit-images t
 mm-enable-external 'ask
 mm-discouraged-alternatives '("text/html" "text/richtext" "text/enriched" "image/.*")
 mailcap-download-directory "/tmp")

;; See: https://github.com/emacs-mirror/emacs/commit/befa9fcaae29a6c9a283ba371c3c5234c7f644eb

;; Gnus ignores `mm-automatic-display' for text/ derived MIME types, this is not mentioned
;; in the docstring. Ideally, Gnus would default to dumb display of inline text and allow
;; the user to explicitly enable fancy MIME-based major-mode auto-triggering / fontification.
;; The default fail-open model that turns any unexpected evaluation bug into a remote exploit
;; triggered by the user simply opening an email is a disaster.

;; This is the only way I found to stop Gnus from enabling major modes on arbitrary input.
;; I'm keeping text/plain, text/html and disabling everything else.
;; TODO: Write my own `mm-inline-text' replacement.
(setq
 mm-automatic-display '("text/plain")
 mm-inlined-types '("text/plain" "text/html")
 mm-inline-media-tests
 `(("text/plain" mm-inline-text identity)
   ("text/html"
    mm-inline-text-html
    ,(lambda (_handle)
       mm-text-html-renderer))
   (".*" ignore identity)))

;; Show buttonized UI elements for PGP signed messages
(setq gnus-buttonized-mime-types
      '("multipart/alternative" "multipart/encrypted" "multipart/signed" ".*/signed"
        "text/x-org" "text/richtext" "text/enriched"))
```
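A small audit helper that goes with the quoted configuration, added here as an example; it is not part of the bug report, of the Hacker News commenter's fix-gnus-mime.el, or of Emacs itself. It reads the three mm-decode variables the quoted file sets (`mm-inline-media-tests`, `mm-automatic-display`, `mm-inlined-types`) and reports, for a constructed list of content types, which display function the first-match-wins lookup in `mm-inline-media-tests` would select and whether a non-plain text subtype is still eligible for automatic inline display. The `mm-audit-` names and the sample type list are assumptions of this example.

```elisp
;;; mm-audit.el --- Audit Gnus/mm-decode inline-display settings  -*- lexical-binding: t -*-
;; Added example; not part of the bug report, the quoted fix-gnus-mime.el or Emacs.
;; All `mm-audit-' names are hypothetical.

(require 'mm-decode)   ; defines mm-inline-media-tests, mm-automatic-display, mm-inlined-types
(require 'seq)

(defconst mm-audit-sample-types
  '("text/plain" "text/html" "text/x-org" "text/x-diff" "text/x-sh"
    "text/enriched" "image/png" "application/pgp-signature")
  "Constructed list of content types to probe; not taken from any real message.")

(defconst mm-audit-safe-handlers '(mm-inline-text mm-inline-text-html ignore)
  "Display functions treated as plain rendering, i.e. no major-mode auto-triggering.")

(defun mm-audit-inline-handler (type)
  "Return the display function that `mm-inline-media-tests' selects for TYPE.
The car of each entry is a regexp and the second element the display
function; like `mm-inlinable-p', the first matching entry wins, so the
order of entries matters.  Return nil when nothing matches."
  (let ((alist mm-inline-media-tests) fn)
    (while (and alist (not fn))
      (when (string-match (car (car alist)) type)
        (setq fn (nth 1 (car alist))))
      (setq alist (cdr alist)))
    fn))

(defun mm-audit-matches-any-p (type regexps)
  "Non-nil if some regexp in REGEXPS matches TYPE."
  (seq-some (lambda (re) (string-match re type)) regexps))

(defun mm-audit-findings ()
  "Return a list of (TYPE HANDLER REASON) for sample types whose handling looks risky.
A type is flagged when its selected handler is outside
`mm-audit-safe-handlers', or when it is a text subtype other than
text/plain or text/html that `mm-automatic-display' or `mm-inlined-types'
still makes eligible for automatic inline display."
  (let (findings)
    (dolist (type mm-audit-sample-types (nreverse findings))
      (let ((fn (mm-audit-inline-handler type)))
        (cond
         ((and fn (not (memq fn mm-audit-safe-handlers)))
          (push (list type fn "non-plain inline handler") findings))
         ((and (string-prefix-p "text/" type)
               (not (member type '("text/plain" "text/html")))
               (or (mm-audit-matches-any-p type mm-automatic-display)
                   (mm-audit-matches-any-p type mm-inlined-types)))
          (push (list type fn "text subtype still auto-inlined") findings)))))))

;; Usage: evaluate (mm-audit-findings) before and after loading the quoted
;; configuration and compare the two lists.
```

With the quoted settings in effect, `(mm-audit-inline-handler "text/x-org")` resolves to `ignore`, because the only entries are text/plain, text/html and the trailing `.*` catch-all, and `(mm-audit-findings)` returns nil. The catch-all must stay last: if `(".*" ignore identity)` were placed first, the lookup would select `ignore` for every type, including text/plain, which the audit would show as every sample type resolving to the same handler.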