{"id":"UBUNTU-CVE-2023-27985","details":"emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90","modified":"2026-04-27T18:19:20.331876Z","published":"2023-03-09T06:15:00Z","upstream":["CVE-2023-27985"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-27985"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2023/03/08/2"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2023/03/09/1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-27985"}],"affected":[{"package":{"name":"xemacs21","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/xemacs21@21.4.22-14ubuntu1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["21.4.22-4ubuntu3","21.4.22-14ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"21.4.22-14ubuntu1","binary_name":"xemacs21"},{"binary_version":"21.4.22-14ubuntu1","binary_name":"xemacs21-bin"},{"binary_version":"21.4.22-14ubuntu1","binary_name":"xemacs21-mule"},{"binary_version":"21.4.22-14ubuntu1","binary_name":"xemacs21-mule-canna-wnn"},{"binary_version":"21.4.22-14ubuntu1","binary_name":"xemacs21-nomule"},{"binary_version":"21.4.22-14ubuntu1","binary_name":"xemacs21-support"},{"binary_version":"21.4.22-14ubuntu1","binary_name":"xemacs21-supportel"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages@2009.02.17.dfsg.2-2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-2"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/xemacs21@21.4.24-5ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["21.4.24-4ubuntu1","21.4.24-5ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"21.4.24-5ubuntu1","binary_name":"xemacs21"},{"binary_version":"21.4.24-5ubuntu1","binary_name":"xemacs21-bin"},{"binary_version":"21.4.24-5ubuntu1","binary_name":"xemacs21-mule"},{"binary_version":"21.4.24-5ubuntu1","binary_name":"xemacs21-mule-canna-wnn"},{"binary_version":"21.4.24-5ubuntu1","binary_name":"xemacs21-nomule"},{"binary_version":"21.4.24-5ubuntu1","binary_name":"xemacs21-support"},{"binary_version":"21.4.24-5ubuntu1","binary_name":"xemacs21-supportel"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages@2009.02.17.dfsg.2-4?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-4"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/xemacs21@21.4.24-9?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["21.4.24-8build1","21.4.24-9"],"ecosystem_specific":{"binaries":[{"binary_version":"21.4.24-9","binary_name":"xemacs21"},{"binary_version":"21.4.24-9","binary_name":"xemacs21-bin"},{"binary_version":"21.4.24-9","binary_name":"xemacs21-mule"},{"binary_version":"21.4.24-9","binary_name":"xemacs21-mule-canna-wnn"},{"binary_version":"21.4.24-9","binary_name":"xemacs21-nomule"},{"binary_version":"21.4.24-9","binary_name":"xemacs21-support"},{"binary_version":"21.4.24-9","binary_name":"xemacs21-supportel"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages@2009.02.17.dfsg.2-5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-4","2009.02.17.dfsg.2-5"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/xemacs21@21.4.24-9ubuntu2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["21.4.24-9ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"21.4.24-9ubuntu2","binary_name":"xemacs21"},{"binary_version":"21.4.24-9ubuntu2","binary_name":"xemacs21-bin"},{"binary_version":"21.4.24-9ubuntu2","binary_name":"xemacs21-mule"},{"binary_version":"21.4.24-9ubuntu2","binary_name":"xemacs21-mule-canna-wnn"},{"binary_version":"21.4.24-9ubuntu2","binary_name":"xemacs21-nomule"},{"binary_version":"21.4.24-9ubuntu2","binary_name":"xemacs21-support"},{"binary_version":"21.4.24-9ubuntu2","binary_name":"xemacs21-supportel"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages@2009.02.17.dfsg.2-5?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-5"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/xemacs21@21.4.24-12build3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["21.4.24-12","21.4.24-12build2","21.4.24-12build3"],"ecosystem_specific":{"binaries":[{"binary_version":"21.4.24-12build3","binary_name":"xemacs21"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-bin"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-mule"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-mule-canna-wnn"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-nomule"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-support"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-supportel"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages@2009.02.17.dfsg.3-3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.3-2","2009.02.17.dfsg.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/xemacs21@21.4.24-12build3?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["21.4.24-12build3"],"ecosystem_specific":{"binaries":[{"binary_version":"21.4.24-12build3","binary_name":"xemacs21"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-bin"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-mule"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-mule-canna-wnn"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-nomule"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-support"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-supportel"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/xemacs21-packages@2009.02.17.dfsg.3-3?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/xemacs21@21.4.24-12build3?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["21.4.24-12build3"],"ecosystem_specific":{"binaries":[{"binary_version":"21.4.24-12build3","binary_name":"xemacs21"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-bin"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-mule"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-mule-canna-wnn"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-nomule"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-support"},{"binary_version":"21.4.24-12build3","binary_name":"xemacs21-supportel"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/xemacs21-packages@2009.02.17.dfsg.3-3build1?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.3-3","2009.02.17.dfsg.3-3build1"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27985.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}