In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Emacs | Gnu | * | 29.3 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | emacs-1:26.1-12.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | emacs-1:26.1-12.el8_10 | * |
| Red Hat Enterprise Linux 9 | RedHat | emacs-1:27.2-10.el9 | * |
| Emacs | Ubuntu | esm-apps/focal | * |
| Emacs | Ubuntu | esm-apps/jammy | * |
| Emacs | Ubuntu | focal | * |
| Emacs | Ubuntu | jammy | * |
| Emacs | Ubuntu | mantic | * |
| Emacs24 | Ubuntu | esm-infra/xenial | * |
| Emacs25 | Ubuntu | esm-infra/bionic | * |
| Xemacs21 | Ubuntu | focal | * |
| Xemacs21 | Ubuntu | mantic | * |
| Xemacs21 | Ubuntu | oracular | * |
| Xemacs21 | Ubuntu | plucky | * |
| Xemacs21 | Ubuntu | upstream | * |
| Xemacs21-packages | Ubuntu | focal | * |
| Xemacs21-packages | Ubuntu | mantic | * |
| Xemacs21-packages | Ubuntu | oracular | * |
| Xemacs21-packages | Ubuntu | plucky | * |
References
- http://www.openwall.com/lists/oss-security/2024/03/25/2
- http://www.openwall.com/lists/oss-security/2024/04/08/3
- http://www.openwall.com/lists/oss-security/2024/04/08/4
- http://www.openwall.com/lists/oss-security/2024/04/08/6
- http://www.openwall.com/lists/oss-security/2024/04/08/7
- http://www.openwall.com/lists/oss-security/2024/04/10/3
- http://www.openwall.com/lists/oss-security/2024/04/10/4
- http://www.openwall.com/lists/oss-security/2024/04/10/5
- http://www.openwall.com/lists/oss-security/2024/04/10/6
- http://www.openwall.com/lists/oss-security/2024/04/11/4
- http://www.openwall.com/lists/oss-security/2024/04/11/5
- http://www.openwall.com/lists/oss-security/2024/04/11/6
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=937b9042ad7426acdcca33e3d931d8f495bdd804
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
- https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html
- http://www.openwall.com/lists/oss-security/2024/03/25/2
- http://www.openwall.com/lists/oss-security/2024/04/08/3
- http://www.openwall.com/lists/oss-security/2024/04/08/4
- http://www.openwall.com/lists/oss-security/2024/04/08/6
- http://www.openwall.com/lists/oss-security/2024/04/08/7
- http://www.openwall.com/lists/oss-security/2024/04/10/3
- http://www.openwall.com/lists/oss-security/2024/04/10/4
- http://www.openwall.com/lists/oss-security/2024/04/10/5
- http://www.openwall.com/lists/oss-security/2024/04/10/6
- http://www.openwall.com/lists/oss-security/2024/04/11/4
- http://www.openwall.com/lists/oss-security/2024/04/11/5
- http://www.openwall.com/lists/oss-security/2024/04/11/6
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=937b9042ad7426acdcca33e3d931d8f495bdd804
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
- https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html