Thanks for getting back on this. I'm not sure who you're referring to as upstream. The Emacs project? The Debian package? If it's the latter, https://sources.debian.org/patches/emacs/1:28.2%2B1-15%2Bdeb12u4/0048-Fix-man.el-shell-injection-vulnerability.patch/ provides a working patch. Per the linked resources, a debdiff should apply cleanly with `patch -p1 < ../patchname.debdiff`, and it does with sources obtained via `apt source emacs` on an Ubuntu 24.04 system. If that qualifies, all that's needed is to change the metadata in the patch file, no?
--
https://bugs.launchpad.net/bugs/2106301
Title: package is lacking security update for CVE-2025-1244
