Your message dated Mon, 20 May 2024 20:34:02 +0000
with message-id <e1s99hq-005dbz...@fasolo.debian.org>
and subject line Bug#1067630: fixed in emacs 1:28.2+1-15+deb12u1
has caused the Debian Bug report #1067630,
regarding emacs-common: Security issues with emacs; remote code execution in Gnus
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: emacs-common
Version: 1:28.2+1-15
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hello,

https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 describes
some security issues addressed in emacs 29.3.

Among them:

** Gnus now treats inline MIME contents as untrusted.
To get back previous insecure behavior, 'untrusted-content' should be
reset to nil in the buffer.

** LaTeX preview is now by default disabled for email attachments.
To get back previous insecure behavior, set the variable
'org--latex-preview-when-risky' to a non-nil value.

I don't see anything that would explicitly indicate if the version in stable,
1.28.2, is vulnerable but the nature of this leads me to think that it is.

Thanks,

John

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-18-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages emacs-common depends on:
ii  emacs-el             1:28.2+1-15
ii  emacsen-common       3.0.5
ii  init-system-helpers  1.65.2
ii  install-info         6.8-6+b1

emacs-common recommends no packages.

Versions of packages emacs-common suggests:
pn  emacs-common-non-dfsg  <none>
ii  ncurses-term           6.4-4

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:28.2+1-15+deb12u1
Done: Sean Whitton <spwhit...@spwhitton.name>

We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton <spwhit...@spwhitton.name> (supplier of updated emacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Apr 2024 10:49:04 +0100
Source: emacs
Architecture: source
Version: 1:28.2+1-15+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 1067630
Changes:
 emacs (1:28.2+1-15+deb12u1) bookworm; urgency=high
 .
   * Fix CVE-2024-30202, CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205
     (Closes: #1067630).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
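To check hosts against the fixed version named in the closing message, the following is an added example (not part of the bug report or of Debian's tooling) that implements Debian version ordering in Python and flags packages that sort before 1:28.2+1-15+deb12u1. The inventory format, host names and the 1:29.3+1-1 entry are constructed, and it assumes the binary package version matches the source version.

```python
import re

FIXED = "1:28.2+1-15+deb12u1"  # Source-Version from the closing message
_CHUNK = re.compile(r"([^0-9]*)([0-9]*)")

def _weight(c):
    # Debian ordering: '~' sorts before everything, letters before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_text(x, y):
    for i in range(max(len(x), len(y))):
        wx = _weight(x[i]) if i < len(x) else 0
        wy = _weight(y[i]) if i < len(y) else 0
        if wx != wy:
            return -1 if wx < wy else 1
    return 0

def _cmp_part(a, b):
    # Alternate between a non-digit run (custom order) and a digit run (numeric).
    while a or b:
        ma, mb = _CHUNK.match(a), _CHUNK.match(b)
        r = _cmp_text(ma.group(1), mb.group(1))
        if r:
            return r
        na, nb = int(ma.group(2) or 0), int(mb.group(2) or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch or revision counts as 0.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, "0"
    return int(epoch), upstream, rev

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory, fixed=FIXED):
    """Return (host, package, version) rows whose version sorts before `fixed`."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [(h, p, v) for h, p, v in rows if compare(v, fixed) < 0]

# Constructed inventory, one "host package version" row per line.
SAMPLE = "web01 emacs-common 1:28.2+1-15\ndev02 emacs-common 1:28.2+1-15+deb12u1\ndev03 emacs-common 1:29.3+1-1\n"
```

On a single Debian host, `dpkg --compare-versions` performs the same comparison.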