Your message dated Mon, 27 May 2024 13:32:31 +0000
with message-id <e1sbasl-005car...@fasolo.debian.org>
and subject line Bug#1067630: fixed in emacs 1:27.1+1-3.1+deb11u3
has caused the Debian Bug report #1067630,
regarding emacs-common: Security issues with emacs; remote code execution in Gnus
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: emacs-common
Version: 1:28.2+1-15
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Hello,
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 describes
some security issues addressed in emacs 29.3.
Among them:
** Gnus now treats inline MIME contents as untrusted.
To get back previous insecure behavior, 'untrusted-content' should be
reset to nil in the buffer.
** LaTeX preview is now by default disabled for email attachments.
To get back previous insecure behavior, set the variable
'org--latex-preview-when-risky' to a non-nil value.
I don't see anything that would explicitly indicate if the version in stable,
1.28.2, is vulnerable but the nature of this leads me to think that it is.
Thanks,
John
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-18-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages emacs-common depends on:
ii emacs-el 1:28.2+1-15
ii emacsen-common 3.0.5
ii init-system-helpers 1.65.2
ii install-info 6.8-6+b1
emacs-common recommends no packages.
Versions of packages emacs-common suggests:
pn emacs-common-non-dfsg <none>
ii ncurses-term 6.4-4
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:27.1+1-3.1+deb11u3
Done: Sean Whitton <spwhit...@spwhitton.name>
We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <spwhit...@spwhitton.name> (supplier of updated emacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 27 Apr 2024 12:16:08 +0100
Source: emacs
Architecture: source
Version: 1:27.1+1-3.1+deb11u3
Distribution: bullseye
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 1031730 1067630
Changes:
emacs (1:27.1+1-3.1+deb11u3) bullseye; urgency=high
.
* Fix CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067630).
.
emacs (1:27.1+1-3.1+deb11u2) bullseye-security; urgency=medium
.
* CVE-2022-48337 CVE-2022-48338 CVE-2022-48339 (Closes: #1031730)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---