Subj : [$] Emacs code completion can cause compromise
To   : All
From : LWN.net
Date : Wed Dec 18 2024 15:02:14

[$] Emacs code completion can cause compromise

Date:
Wed, 18 Dec 2024 14:55:35 +0000

Description:
Emacs has had a few bugs related to accidentally
permitting the execution of untrusted code. Unfortunately, it seems as though
another bug of that sort has appeared  and may be harder to patch,
because the problem comes from the way Emacs handles expansion of Lisp macros 
in
code being analyzed. The
vulnerability is only practically exploitable in a non-default configuration, 
so
not every Emacs user has something to worry about. The Emacs
developers are reportedly working on a fix, but have not yet shared details
about it. In the meantime, every Emacs version since at least
26.1 (released in May2018) through the current development version is 
vulnerable.

======================================================================
Link to news story:
https://lwn.net/Articles/1002046/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.