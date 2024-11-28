Viewing or editing Emacs Lisp code in Emacs can run arbitrary code. The vulnerability stems from unsafe Lisp macro-expansion, which runs unrestricted Emacs Lisp code. Most common configurations are vulnerable (see details below). The best security measures are:

• Avoid visiting untrusted .el files in Emacs

• Disable automatic error checking (with Flymake or Flycheck) in untrusted .el files

• Disable auto-completion features in untrusted .el files

This is a long-standing vulnerability which has been known for several years, but has not been addressed thus far. Emacs maintainers are working on countermeasures that will hopefully make their way into future Emacs versions. This advisory is intended to help users of existing Emacs versions protect themselves.