ALAS-2024-663

In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203)

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. (CVE-2024-30204)

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. (CVE-2024-30205)

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. (CVE-2024-39331)

aarch64:
    emacs-debuginfo-28.2-3.amzn2023.0.8.aarch64
    emacs-common-debuginfo-28.2-3.amzn2023.0.8.aarch64
    emacs-nox-debuginfo-28.2-3.amzn2023.0.8.aarch64
    emacs-lucid-debuginfo-28.2-3.amzn2023.0.8.aarch64
    emacs-devel-28.2-3.amzn2023.0.8.aarch64
    emacs-debugsource-28.2-3.amzn2023.0.8.aarch64
    emacs-nox-28.2-3.amzn2023.0.8.aarch64
    emacs-28.2-3.amzn2023.0.8.aarch64
    emacs-lucid-28.2-3.amzn2023.0.8.aarch64
    emacs-common-28.2-3.amzn2023.0.8.aarch64

noarch:
    emacs-filesystem-28.2-3.amzn2023.0.8.noarch
    emacs-terminal-28.2-3.amzn2023.0.8.noarch

src:
    emacs-28.2-3.amzn2023.0.8.src

x86_64:
    emacs-common-debuginfo-28.2-3.amzn2023.0.8.x86_64
    emacs-devel-28.2-3.amzn2023.0.8.x86_64
    emacs-nox-debuginfo-28.2-3.amzn2023.0.8.x86_64
    emacs-lucid-debuginfo-28.2-3.amzn2023.0.8.x86_64
    emacs-debuginfo-28.2-3.amzn2023.0.8.x86_64
    emacs-debugsource-28.2-3.amzn2023.0.8.x86_64
    emacs-nox-28.2-3.amzn2023.0.8.x86_64
    emacs-28.2-3.amzn2023.0.8.x86_64
    emacs-lucid-28.2-3.amzn2023.0.8.x86_64
    emacs-common-28.2-3.amzn2023.0.8.x86_64