CVE-2023-27985: emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. CVE-2023-27986: emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. The app-editors/emacs package never installed the desktop file in question, so they are _not_ affected. The file is installed by x11-misc/emacs-desktop-mail, which has been fixed in version 1.2 (and previous versions have been removed): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f29d9f2912573e696b9cb6019cb036246d7d21e
All unstable, so already all done, thanks!