I’d like to request a backport of the Emacs 30.1 package from 25.04/Plucky to Ubuntu 24.04/Numbat. This is due to the Debian version of the package doing lots of security-relevant patches, whereas Ubuntu seems to have fallen behind with this. Given that it will take one more year until the next LTS, I feel that this is a reasonable way to provide users of the current LTS release with security fixes.
My motivation for this is having reported CVE-2025-1244, which was resolved in pretty much all important distros except Ubuntu. The bug report Bug #2106301 “package is lacking security update for CVE-2025-12...” : Bugs : emacs package : Ubuntu went unnoticed, so I’m hoping some other solution can be found. If anyone has questions about the specific vulnerability to update the document at CVE-2025-1244 | Ubuntu, I’m more than happy to answer them on whichever communication medium would be appropriate for that.
Note that whole packages do normally not get backported for security vulnerabilities, if it is suitable for the fix to get backported as single patch this will probably eventually happen but since this package is in the universe pocket of the distro you will either have to wait for some community person to step up and backport a patch to the 29.3 package or wait for the assessment of the Ubuntu Security team to decide it is severe enough for creating a patch under Ubuntu Pro… (they typically only patch vulnerabilities that they consider high and critical while the page above shows an Ubuntu assesment for “medium”)
Indeed, as @ogra mentioned and I can confirm, the Emacs snap works fine.
And if, for whatever reason, snapcraft is not your cup of tea, compiling Emacs from source on Ubuntu is trivial.
For security issues, you should report them as “Public Security” information. In your bug report you just used Public, therefore it is not reported to the Ubuntu Security Team. I went ahead and changed the information type.
This is a universe package nevertheless, which means it is community maintained. Therefore if you would like to provide a debdiff fixing the vulnerabilities, the Ubuntu Security Team will gladly review and sponsor it. Do note @ogra 's recommendation.