Your message dated Tue, 11 Dec 2007 08:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#455433: fixed in emacs21 21.4a+1-5.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: emacs22
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for emacs22.
CVE-2007-6109[0]:
| Buffer overflow in emacs allows attackers to have an unknown impact,
| as demonstrated via a vector involving the command line.
You can find the upstream patch for this on:
http://cvs.savannah.gnu.org/viewvc/emacs/emacs/src/editfns.c?r1=1.439.2.3&r2=1.439.2.8
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpPoQOVffDuN.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: emacs21
Source-Version: 21.4a+1-5.2
We believe that the bug you reported is fixed in the latest version of
emacs21, which is due to be installed in the Debian FTP archive:
emacs21-bin-common_21.4a+1-5.2_i386.deb
to pool/main/e/emacs21/emacs21-bin-common_21.4a+1-5.2_i386.deb
emacs21-common_21.4a+1-5.2_all.deb
to pool/main/e/emacs21/emacs21-common_21.4a+1-5.2_all.deb
emacs21-el_21.4a+1-5.2_all.deb
to pool/main/e/emacs21/emacs21-el_21.4a+1-5.2_all.deb
emacs21-nox_21.4a+1-5.2_i386.deb
to pool/main/e/emacs21/emacs21-nox_21.4a+1-5.2_i386.deb
emacs21_21.4a+1-5.2.diff.gz
to pool/main/e/emacs21/emacs21_21.4a+1-5.2.diff.gz
emacs21_21.4a+1-5.2.dsc
to pool/main/e/emacs21/emacs21_21.4a+1-5.2.dsc
emacs21_21.4a+1-5.2_i386.deb
to pool/main/e/emacs21/emacs21_21.4a+1-5.2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated emacs21 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 10 Dec 2007 16:58:47 +0100
Source: emacs21
Binary: emacs21-el emacs21-common emacs21-nox emacs21-bin-common emacs21
Architecture: source all i386
Version: 21.4a+1-5.2
Distribution: unstable
Urgency: high
Maintainer: Rob Browning <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
emacs21 - The GNU Emacs editor
emacs21-bin-common - The GNU Emacs editor's shared, architecture dependent
files
emacs21-common - The GNU Emacs editor's shared, architecture independent
infrastru
emacs21-el - GNU Emacs LISP (.el) files
emacs21-nox - The GNU Emacs editor (without X support)
Closes: 455433
Changes:
emacs21 (21.4a+1-5.2) unstable; urgency=high
.
* Non-maintainer upload by testing-security team.
* This update addresses the following security issue:
- CVE-2007-6109: A stack-based buffer overflow in the format function
when dealing with high precision values could lead to arbitrary code
execution.
Added upstream patch (CVE-2007-6109.diff) to fix this (Closes: #455433).
Files:
adeb3ef4827fba019315d5ca78fa1ce2 880 editors optional emacs21_21.4a+1-5.2.dsc
2148deea08326d4a1c8819a8c8318072 189294 editors optional
emacs21_21.4a+1-5.2.diff.gz
3c417cef8109e821110b0e709e44042b 9434532 editors optional
emacs21-common_21.4a+1-5.2_all.deb
d8780b73f904ff9f557a420d5ecdd608 7219954 editors optional
emacs21-el_21.4a+1-5.2_all.deb
1aaff96c96c6d82c14f781d3f868d58d 2026438 editors optional
emacs21_21.4a+1-5.2_i386.deb
036f1d9330781c10a81ec4014c4ca25d 1833442 editors optional
emacs21-nox_21.4a+1-5.2_i386.deb
10d62b9a34f1ffb05f555f23c2b39c22 148454 editors optional
emacs21-bin-common_21.4a+1-5.2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHXkHJHYflSXNkfP8RAjaTAKCitJW8oNog0c6KniPFIzrQIuoZWwCeMzYd
npiAZcrHbbZvzWseQ+6d9KU=
=sj7U
-----END PGP SIGNATURE-----
--- End Message ---
