- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Emacs: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #945164, #950192
ID: 202506-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Emacs, the worst of
which could lead to arbitrary code execution.

Background
==========

Emacs is the extensible, customizable, self-documenting real-time
display editor. org-mode is an Emacs mode for notes and project
planning.

Affected packages
=================

Package Vulnerable Unaffected
----------------- ------------- --------------
app-editors/emacs < 26.3-r22:26 >= 26.3-r22:26
< 27.2-r20:27 >= 27.2-r20:27
< 28.2-r16:28 >= 28.2-r16:28
< 29.4-r2:29 >= 29.4-r2:29

Description
===========

Multiple vulnerabilities have been discovered in Emacs, org-mode. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Emacs, org-mode users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/emacs-29.4-r2:29"
# emerge --ask --oneshot --verbose ">=app-editors/emacs-28.2-r16:28"
# emerge --ask --oneshot --verbose ">=app-editors/emacs-27.2-r20:27"
# emerge --ask --oneshot --verbose ">=app-editors/emacs-26.3-r22:26"

References
==========

[ 1 ] CVE-2024-53920
https://nvd.nist.gov/vuln/detail/CVE-2024-53920
[ 2 ] CVE-2025-1244
https://nvd.nist.gov/vuln/detail/CVE-2025-1244

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202506-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmhKdDoACgkQFMQkOaVy +9leFQ//Rz+9hyNSopUNCetMU0V1ulgBm6ttK4eS0+Gk43tQw4dUegvba2wbbJAm E1iln5QBc1OOdUpKyiTHBqQVCqmC+XbQO0vDNtx59nvL2mJAjT242zZxUbSwfWV8 w54UKjUgTrGiGKNBixWKEET37wqB67MN48xJSrJ1a5WjqJeASDRYp386FI9Fp0TS EWf5F/7RrOZrmlf2dsrgmgEU0QHFqpLJjsDr+XoRNT/uORU1IvoOZAhvA/EENLm7 ys2FK6rJK5tKbwR3ZagRVSz277vvLQb0m9yW+akuaRDFfnXE8tH5Kr4H0xbd2MK3 EL5msyQjzig1R/2K13fl10IEmtvU4mm9IPKu6/btiXkXQCcItUXpzJ3ZgM41E0Zr S0Ys9nXPWJ5z9WIcT7+97Bv4HLIkyQIwUcYXIRLY/C8iki+eUM43ouRoiWPmuE+m X+IALM8PynIkJxWOWtRGqP73GdWd7tqVzvOYO4CY/STaPzQb9JBW0BF/j++l4OQM c5Ahf/z8rl7yuXrCb9mfh5GqxJptgk2Ws5dCoGyn8ZC2OZOHLc2c2KRfieyqxCFg xfgcwWazVcocu5fvRf8BKYlM0bdes40sJmfAkrBX8keWNNzFrfhU3HfleSAz4jIx lOF/GZKK2ypJ8fegP/zTPj1QkcM2q0auzyDfbOVWyrXd8+olo30=
=zvMf
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)