[$] Emacs code completion can cause compromise
Date:
Wed, 18 Dec 2024 14:55:35 +0000
Description:
Emacs has had a few bugs related to accidentally
permitting the execution of untrusted code. Unfortunately, it seems as though another bug of that sort has appeared and may be harder to patch,
because the problem comes from the way Emacs handles expansion of Lisp macros in
code being analyzed. The
vulnerability is only practically exploitable in a non-default configuration, so
not every Emacs user has something to worry about. The Emacs
developers are reportedly working on a fix, but have not yet shared details about it. In the meantime, every Emacs version since at least
26.1 (released in May2018) through the current development version is vulnerable.
======================================================================
Link to news story:
https://lwn.net/Articles/1002046/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)