Opened 6 weeks ago
Closed 5 weeks ago
#21139 closed enhancement (fixed)
emacs-30.1
| Reported by: | Douglas R. Reno | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | high | Milestone: | 12.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New minor version. This appears to be a security release:
Emacs 30.1 includes security fixes for a shell injection vulnerability in man.el (CVE-2025-1244), and for arbitrary code execution with flymake (CVE-2024-53920). We recommend upgrading immediately.
Upstream is urging all users of Emacs to update immediately in the NEWS file at https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30
The man.el issue appears to be remotely exploitable without any authentication, and has been rated at 8.8/10. The flymake issue is rated as Medium as it requires a user to knowingly try to compile a malicious LISP file.
Change History (4)
comment:1 by , 6 weeks ago
| Milestone: | 12.4 → 12.3 |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
comment:2 by , 6 weeks ago
Changes are documented at https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30
Note:
See TracTickets
for help on using tickets.
We can promote this to 12.3.