Описание
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was needed |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [24.3+1-2ubuntu1.1]] |
| esm-infra/xenial | released | 24.5+1-6ubuntu1.1 |
| precise/esm | DNE | |
| trusty | released | 24.3+1-2ubuntu1.1 |
| trusty/esm | DNE | trusty was released [24.3+1-2ubuntu1.1] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 25.2+1-6 |
| bionic | not-affected | 25.2+1-6 |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 25.2+1-6 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
Ссылки на источники
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
GNU Emacs before 25.3 allows remote attackers to execute arbitrary cod ...
6.8 Medium
CVSS2
8.8 High
CVSS3