| Package | emacs24 |
|---|---|
| Version | 24.4+1-5+deb8u2 (jessie), 24.5+1-11+deb9u2 (stretch) |
| Related CVEs | CVE-2022-48339 CVE-2023-28617 |
Xi Lu discovered that missing input sanitizing in Emacs could result in the execution of arbitrary shell commands.
For Debian 8 jessie, these problems have been fixed in version 24.4+1-5+deb8u2.
For Debian 9 stretch, these problems have been fixed in version 24.5+1-11+deb9u2.
We recommend that you upgrade your emacs24 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.