| Package | emacs25 |
|---|---|
| Version | 25.1+1-4+deb9u2 (stretch) |
| Related CVEs | CVE-2022-45939 CVE-2022-48337 CVE-2022-48339 CVE-2023-28617 |
Xi Lu discovered that missing input sanitizing in Emacs could result in the execution of arbitrary shell commands.
For Debian 9 stretch, these problems have been fixed in version 25.1+1-4+deb9u2.
We recommend that you upgrade your emacs25 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.