Source: org-mode
Version: 9.5.2+dfsh-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:28.2+1-13
Control: retitle -2 emacs: CVE-2023-28617

Hi,

The following vulnerability was published for org-mode (and emacs, will close this bug).

CVE-2023-28617[0]:
| org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for
| GNU Emacs allows attackers to execute arbitrary commands via a file
| name or directory name that contains shell metacharacters.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28617
    https://www.cve.org/CVERecord?id=CVE-2023-28617

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

