Your message dated Tue, 12 Sep 2017 03:49:24 +0000 with message-id <e1drccs-0008os...@fasolo.debian.org> and subject line Bug#875447: fixed in emacs25 25.2+1-6 has caused the Debian Bug report #875447, regarding emacs25: enriched text remote code execution to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 875447: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875447 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: emacs25 Version: 25.1+1-4 Severity: grave Tags: patch upstream security Justification: user security hole Forwarded: https://bugs.gnu.org/28350 Control: clone -1 -2 -3 Control: reassign -2 src:emacs24 24.4+1-4 Control: retitle -2 emacs24: enriched text remote code execution Control: reassing -3 src:emacs23 23.4+1-4 Control: retitle -3 emacs23: enriched text remote code execution Hi See http://www.openwall.com/lists/oss-security/2017/09/11/1 for details. The bug has been reported upstream at: https://bugs.gnu.org/28350 Upstream commit: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: emacs25 Source-Version: 25.2+1-6 We believe that the bug you reported is fixed in the latest version of emacs25, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 875...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Rob Browning <r...@defaultvalue.org> (supplier of updated emacs25 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 11 Sep 2017 21:51:49 -0500 Source: emacs25 Binary: emacs25-lucid emacs25-lucid-dbg emacs25-nox emacs25-nox-dbg emacs25 emacs25-dbg emacs25-bin-common emacs25-common emacs25-el Architecture: source amd64 all Version: 25.2+1-6 Distribution: unstable Urgency: high Maintainer: Rob Browning <r...@defaultvalue.org> Changed-By: Rob Browning <r...@defaultvalue.org> Description: emacs25 - GNU Emacs editor (with GTK+ GUI support) emacs25-bin-common - GNU Emacs editor's shared, architecture dependent files emacs25-common - GNU Emacs editor's shared, architecture independent infrastructur emacs25-dbg - Debugging symbols for emacs25 emacs25-el - GNU Emacs LISP (.el) files emacs25-lucid - GNU Emacs editor (with Lucid GUI support) emacs25-lucid-dbg - Debugging symbols for emacs25-lucid emacs25-nox - GNU Emacs editor (without GUI support) emacs25-nox-dbg - Debugging symbols for emacs25-nox Closes: 875447 Changes: emacs25 (25.2+1-6) unstable; urgency=high . * Block remote code execution via enriched text. Add 0012-A-remote-execution-exploit-via-enriched-text-has-bee.patch to fix the problem. Thanks to David Bremner for the alert and Salvatore Bonaccorso for reporting the problem to Debian. (Closes: 875447) Checksums-Sha1: 4a679c00cb84d32541ff89a1681b0a0e92291379 2827 emacs25_25.2+1-6.dsc 3ec8f3e6d567aae1e26fab79c3ace01a23f93062 53580 emacs25_25.2+1-6.debian.tar.xz 8aaeddc33e0d2489c326859c22ae9a330552e094 287520 emacs25-bin-common-dbgsym_25.2+1-6_amd64.deb d5470641b7c22b41417277420798e6e3470c1069 152804 emacs25-bin-common_25.2+1-6_amd64.deb c05cf4bc62c37fb375dfadc6e1d1a687449faf28 13165534 emacs25-common_25.2+1-6_all.deb a2e96c3bfca681afc9ddfd743372511608ef259b 5215368 emacs25-dbg_25.2+1-6_amd64.deb 72dd52a7b8fbad98cdd09d276e434dc2ce485bee 15662486 emacs25-el_25.2+1-6_all.deb b0766c0b66a02bb7448f6ffe6f94a2ac0e630860 5307892 emacs25-lucid-dbg_25.2+1-6_amd64.deb c68a7598e5aeb09c2cfb1dea930ae452cc703b2c 3511184 emacs25-lucid_25.2+1-6_amd64.deb 9bd0e34fe90a401e5d73babee3998f4f242178b5 3679566 emacs25-nox-dbg_25.2+1-6_amd64.deb d071c942961d32c1fca357fe8122729a6703748f 3082952 emacs25-nox_25.2+1-6_amd64.deb fa98a785afaa790c06c81afb07db0be843131b6f 19498 emacs25_25.2+1-6_amd64.buildinfo e9fa60bff8e08f0f5b16ae306cc5b60645812e3f 3504984 emacs25_25.2+1-6_amd64.deb Checksums-Sha256: 0fd364f2c708d3790e7acd59dbfb9ede0753cd4a5ae9b571d055d23a690b98fd 2827 emacs25_25.2+1-6.dsc c3e31961fd96cd0eb56b0949a797463208338ac6a76e101f77ed8cad7465b4ef 53580 emacs25_25.2+1-6.debian.tar.xz 871b6cea7cd6a553c55578e0caf18eee5b94438baf11af1361d7cf82574da0ca 287520 emacs25-bin-common-dbgsym_25.2+1-6_amd64.deb 1f4bb6a3ed15447ae7d8f54988020afc0a707f29918405c997921ea874145e57 152804 emacs25-bin-common_25.2+1-6_amd64.deb a10379c6fa698dc5bb2ce108314caa328ba483dae1e342e32ec2041497883308 13165534 emacs25-common_25.2+1-6_all.deb 301a56e2e74b9958bc7b66eb8f8f1f62ca33c5980b44bed354e9d5a4d7caacd3 5215368 emacs25-dbg_25.2+1-6_amd64.deb 2a2cc8fcb297ee43ddf3ef0bd9011dac8e972b723b3a9944ea8710bde7f6b9e6 15662486 emacs25-el_25.2+1-6_all.deb 5a24a4d844360ec2f05f61a8f05a5165a98ac920c1da1247b3d83452e1ecb987 5307892 emacs25-lucid-dbg_25.2+1-6_amd64.deb 2b4943bfb2a5132826341e124a9073bfe8239eb1e1fa754282daff75956656cf 3511184 emacs25-lucid_25.2+1-6_amd64.deb ad2be7526ea6d8d8f07168b17d11f37813ca7aefe369d660ebda5ee3d8181f96 3679566 emacs25-nox-dbg_25.2+1-6_amd64.deb 949c7665803e1129b7bd35ed0b7bc1a5c34e80415568742a6b9b7ac7811f8d2f 3082952 emacs25-nox_25.2+1-6_amd64.deb a978544ae2006b6a894c2e8c5efed3f9e81035801c8d7a7b85da858dbe4f27ae 19498 emacs25_25.2+1-6_amd64.buildinfo 6a530b943c12f13d5bfd80be35fabc8912d37224f2310167083c1a541c8c52ab 3504984 emacs25_25.2+1-6_amd64.deb Files: 8d8a33a099d0476fc94436a4652db96e 2827 editors optional emacs25_25.2+1-6.dsc 55c3fc5518adbc16ffabe69cdb283972 53580 editors optional emacs25_25.2+1-6.debian.tar.xz 2c9b82c623329ade2022a9530f11bb4f 287520 debug optional emacs25-bin-common-dbgsym_25.2+1-6_amd64.deb 579f9619e2f98801825ae612589a6453 152804 editors optional emacs25-bin-common_25.2+1-6_amd64.deb b7b75f95f269d971ba3b98a14a4c3627 13165534 editors optional emacs25-common_25.2+1-6_all.deb 7660d80c6da9ab8370cc5051dde477a2 5215368 debug extra emacs25-dbg_25.2+1-6_amd64.deb 16aee2dd7c62601a8566f69be5394052 15662486 editors optional emacs25-el_25.2+1-6_all.deb a23cb05d618f24f6988f8e26dda2d456 5307892 debug extra emacs25-lucid-dbg_25.2+1-6_amd64.deb 5318abae02f3deb202156057ae32de3e 3511184 editors optional emacs25-lucid_25.2+1-6_amd64.deb 139c215fa9269789a88604a12b7ad844 3679566 debug extra emacs25-nox-dbg_25.2+1-6_amd64.deb e958117a91a178ef424dfb5acb185c5c 3082952 editors optional emacs25-nox_25.2+1-6_amd64.deb 77457d33db28058999421488ae1edf9d 19498 editors optional emacs25_25.2+1-6_amd64.buildinfo b21e423fc17dbccc2c09064c14a56c01 3504984 editors optional emacs25_25.2+1-6_amd64.deb -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEPTFSABe5ruOuhW+97vEWxVpaQvEFAlm3U5MVHHJsYkBkZWZh dWx0dmFsdWUub3JnAAoJEO7xFsVaWkLxCA4P/jeBHk6fv9dZcrlu0r2rF/AASpJt s/Ohv92wW4+VVmX5OHbuCdI/YGtpI5jMLNWj6LzqwOn5ND7Sk2ovXeO0g0SGz69H 1tj8eItZvtFxGVInFc5u3U8p8rHrPAEFl2WMNiX4HJAPeRnBHszWJGaqJ/cyassg DbyvlaINhS5sTR7JBJbPQPHrSaa+kY68bEToRrYwnPNBV7fK2UH1rQN62uMh2Z+u m7gDVnRehokhGxcGCQfFCRYhFd7R+2I2LU0beZ4byh/ZF8/WJvz3u+q0jWZYAR1g Qi7T2uUnhzpne2fLFTYfd7Jg/3FeUoDcDGoJZHU98RVx6cKdbyPG+NTNa7Znm1Wt el3e6yaq9x7zpNQjQd2dTM4grYzBmH4oVLWeuWhj1fd3SipCJarOb6TDVyT6QUfO 9PfjcLpGsIdPt2IvuqHJwr26PDHQaA8nLSsAW/p47bMwvHneeahl+F98Eu7GoCnb 1AcMJCQEpyYnv7aq29d8OSN2Z3Zrjm9L17+36qw0KI35fV5yRfkzlRHZnbeSQ2iC VOQ5VEKNKwOD+TXoNziTD6PrdKMxjtO+Fji/zD0QCR9iD/13g7Djeatw939fzOMk b6gVfXAS5j8GJvnFWWe+Vvkgj/MDcKKLy+dBfnzN4wLgRl3islV+XOM+8k1+B9hS pfs9S25u1/y9JEme =q+Vm -----END PGP SIGNATURE-----
--- End Message ---
