View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2023-27985: 1 source package rows (emacs); 17 state rows across 7 repos (3.17-community, 3.18-community, 3.19-community, 3.20-community, 3.21-community, 3.22-community, edge-community); fixed 14, open 3.
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90