UBUNTU-CVE-2024-53920

Details

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Affected Packages(18 packages)

emacs

Ubuntu 22.04 LTS

Affected versions:

1:27.1+1-3ubuntu31:27.1+1-3ubuntu51:27.1+1-3ubuntu5.11:27.1+1-3ubuntu5.2

emacs

Ubuntu 20.04 LTSUbuntu Pro 20.04 LTS

Affected versions:

1:26.3+1-1ubuntu11:26.3+1-1ubuntu21:26.3+1-1ubuntu2+esm1

emacs

Ubuntu 25.04

Affected versions:

1:29.4+1-3ubuntu11:29.4+1-4ubuntu11:29.4+1-5ubuntu11:29.4+1-6ubuntu31:30.1+1-4ubuntu11:30.1+1-5ubuntu1

emacs

Ubuntu 24.04 LTS

Affected versions:

1:29.1+1-5ubuntu11:29.2+1-1ubuntu11:29.2+1-2ubuntu41:29.3+1-1ubuntu2

emacs24

Ubuntu 16.04 LTSUbuntu Pro 16.04 LTS

Affected versions:

24.5+1-1ubuntu224.5+1-1ubuntu424.5+1-1ubuntu524.5+1-1ubuntu624.5+1-1ubuntu724.5+1-6ubuntu124.5+1-6ubuntu1.124.5+1-6ubuntu1.1+esm124.5+1-6ubuntu1.1+esm224.5+1-6ubuntu1.1+esm3+1 more

emacs25

Ubuntu 18.04 LTSUbuntu Pro 18.04 LTS

Affected versions:

25.2+1-625.2+1-6ubuntu0.1~esm2

xemacs21

Ubuntu 22.04 LTS

Affected versions:

21.4.24-9ubuntu2

xemacs21

Ubuntu Pro 20.04 LTS

Affected versions:

21.4.24-8build121.4.24-9