Your message dated Mon, 27 May 2024 13:32:31 +0000
with message-id <e1sbasl-005cbl...@fasolo.debian.org>
and subject line Bug#1067630: fixed in emacs 1:27.1+1-3.1+deb11u4
has caused the Debian Bug report #1067630,
regarding emacs: CVE-2024-30202 CVE-2024-30203 CVE-2024-30204 CVE-2024-30205
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: emacs
Version: 29.2+1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>,
debian-emac...@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
According to the 29.3 release notes
* Changes in Emacs 29.3
Emacs 29.3 is an emergency bugfix release intended to fix several
security vulnerabilities described below.
** Arbitrary Lisp code is no longer evaluated as part of turning on Org mode.
This is for security reasons, to avoid evaluating malicious Lisp code.
** New buffer-local variable 'untrusted-content'.
When this is non-nil, Lisp programs should treat buffer contents with
extra caution.
** Gnus now treats inline MIME contents as untrusted.
To get back previous insecure behavior, 'untrusted-content' should be
reset to nil in the buffer.
** LaTeX preview is now by default disabled for email attachments.
To get back previous insecure behavior, set the variable
'org--latex-preview-when-risky' to a non-nil value.
** Org mode now considers contents of remote files to be untrusted.
Remote files are recognized by calling 'file-remote-p'.
- -- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64
Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYAhNIACgkQA0U5G1Wq
FSEANg//cukjqohXxNRpkxbutqHHvOB1aAr3d78jowjP3Yb9ozAArNxUjuJHEdSZ
5HCASm269atf5753maZILjyx3VmF/qUihyGjbbWjqMwNrQkkQiuXBfYn1F4R76/V
tyFile5NZVXIgYMykLb+rSHap6KMBnhjvLWSwNsDMuD8WB7OPH7KOI2xYqkUb7ue
SIgkCr0GJ+LaHOAYlRKkAYok4qwIfijLBw41Bt7t9Tawh+5d5nDkNPDphFOB+bG+
1hOQD8KVYWIceRK83wcDictSxbeTSo/cp6cEtVZX3yrDvBRbj3VKjKWL+0UIKfWO
iGWQYn622B7WbBIwEddQMmla+nxa5rxEN9VMEE8N5xcpI1lnL0lVSxw0jbT0FopJ
PmwFYmz1+pxB2fhRTv1T7ZTSAJS3BKQ9u2R8tuKO5ilSYp1zJrBBIazGPZ3Q+UBS
EoPh4hy5G4IZ3X3yaE9cX76fdDMMGPQ7HIinkw5A7KWb8zHse5m3+WG+iPNuveHU
GRwOB9pDDRTQrQVG8of2YVS0kLb9eu2jUD0sbi8As3P5Mr/gXHlrSgs5t1qg3HuA
Kkg7m7PAONZu0LBZNZsItm/V0weDqBdE+LZsa/1LUk3H+zvswhctlNLuZ7Y4mKqh
YpuwmZ2+cv1To2M/DKbBx2ngl5EiojF8hk5pGezcZ811NRFAQKc=
=BxE4
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:27.1+1-3.1+deb11u4
Done: Sean Whitton <spwhit...@spwhitton.name>
We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <spwhit...@spwhitton.name> (supplier of updated emacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 26 May 2024 09:43:09 +0100
Source: emacs
Architecture: source
Version: 1:27.1+1-3.1+deb11u4
Distribution: bullseye
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 1031730 1031888 1067630
Changes:
emacs (1:27.1+1-3.1+deb11u4) bullseye; urgency=high
.
* Fix memory leak in patch for CVE-2022-48337 (Closes: #1031888).
.
emacs (1:27.1+1-3.1+deb11u3) bullseye; urgency=high
.
* Fix CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067630).
.
emacs (1:27.1+1-3.1+deb11u2) bullseye-security; urgency=medium
.
* CVE-2022-48337 CVE-2022-48338 CVE-2022-48339 (Closes: #1031730)
Checksums-Sha1:
3f3676d78b565cb48d782ec82e07740d04b38b8b 2963 emacs_27.1+1-3.1+deb11u4.dsc
3e32548f3d0961f699a5069035f95cfe37b7b99e 120180
emacs_27.1+1-3.1+deb11u4.debian.tar.xz
Checksums-Sha256:
944652cb0ff6abc6ea18dc4b4ffda909c6c22b442de0af87ccfefde822d90887 2963
emacs_27.1+1-3.1+deb11u4.dsc
d956ccbd6a2c65f7b4761920f55d00d48f0b96f3dadc52afcc0a429d420c512c 120180
emacs_27.1+1-3.1+deb11u4.debian.tar.xz
Files:
fd8624f084cb8dd795381da2aaa5128f 2963 editors optional
emacs_27.1+1-3.1+deb11u4.dsc
69a0c1faa2010a043011094a01c02eb9 120180 editors optional
emacs_27.1+1-3.1+deb11u4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmZTHssACgkQaVt65L8G
YkBpnA/+PPY64En3r5La7JgIKaYBWrU2wxi1tZCEKThIRw/2fYsbTq025AlbtjRz
Wxx8OF0U2bfmCRltdocytORRaZxf4mW6Mi+KFp1d9HMNHnFkt+gLX2XGtIYeevyc
NLkeKI02VEBChn4OWgZyYavhG5HuhTiHa/es9HCtj8fX3JFmtNx4z9SeiNky8LTQ
Xi+kXxP3gqs5+Pce0Yyi89Cd8AnIyx/owgserez+A5mid8GQM8DIbaA9FxyaDALF
PYbPK11LoLQMdYI/7RXMI0CO0ZTBtq2jsWObc/uq3Mi4Mi0Rmjt/FP+qeaYwoaLn
sn+RnkapyOCN6aEIhUsBlqyhJIpaZqFzUIRt9qoxtRpiqktoZhgJZ72e4eWWTdD/
j40SAs6w6COSG+VFaRelteiaPci+LUScZcPk+Q/GGwbfht7gi7oQuzEKMFE4Bc12
ipVeGv+9eMJOHjMM1RIar85YRAlp5aIzCTSCORip12VJofqbowYQdVND5z2NUz7P
qlBI/AwMxDvwIamWjS2bY2AuFWHUAP7hfZOg7/OPq+ETRt/EXl0r1VGaFsjHhJZb
hR8/5OF4J4S0sZM0/PmPBJXh/zUJnrqpvaP3axgbd7gphyP+WPurEy7NpS2enoQ8
3qPjTMYBI8BEx38jZrKETCWDtYGwZbwqSNoW1ZcH8MDr0NSjxz4=
=vQYD
-----END PGP SIGNATURE-----
pgpuGbkiBaDOb.pgp
Description: PGP signature
--- End Message ---
