summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Müller <ulm@gentoo.org>2023-02-26 21:22:47 +0100
committerUlrich Müller <ulm@gentoo.org>2023-02-26 21:26:38 +0100
commitdb1716e1306ad0961eccb313a0bb33fca2c73f5a (patch)
tree25e391aa0710b9630b298e590d7952b23c066ccb /app-misc/rmlint
parentdev-java/gradle-bin: add 7.6.1, drop 7.6 (diff)
downloadgentoo-db1716e1306ad0961eccb313a0bb33fca2c73f5a.tar.gz
gentoo-db1716e1306ad0961eccb313a0bb33fca2c73f5a.tar.bz2
gentoo-db1716e1306ad0961eccb313a0bb33fca2c73f5a.zip
app-editors/emacs: Fix multiple command injection vulnerabilities
This fixes command injection vulnerabilities in etags (CVE-2022-48337), ruby-mode (CVE-2022-48338), and htmlfontify (CVE-2022-48339) for Emacs slots 25, 26, 27, and 28. Note that Emacs 25 and 26 are not affected by the ruby-mode vulnerability because function ruby-find-library-file did not yet exist (and there is no call to the gem command in ruby-mode.el). Emacs 18 is not affected by either of them: It doesn't have ruby-mode and htmlfontify, and we no longer install the ctags and etags binaries. Bug: https://bugs.gentoo.org/897950 Signed-off-by: Ulrich Müller <ulm@gentoo.org>
Diffstat (limited to 'app-misc/rmlint')
0 files changed, 0 insertions, 0 deletions