CVE-2024-30202:
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVE-2024-30203:
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVE-2024-30204:
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVE-2024-30205:
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVE-2024-39331:
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).