Your message dated Mon, 27 May 2024 14:32:34 +0000
with message-id <e1sbbos-00697v...@fasolo.debian.org>
and subject line Bug#1067663: fixed in org-mode 9.4.0+dfsg-1+deb11u2
has caused the Debian Bug report #1067663,
regarding org-mode: CVE-2024-30202 CVE-2024-30205
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1067663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067663
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: org-mode
Version: 9.6.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: debian-emac...@lists.debian.org, Debian Security Team
<t...@security.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
In https://list.orgmode.org/87o7b3eczr....@bzg.fr/T/#t, Ihor Radchenko writes:
> I just released Org mode 9.6.23 that fixes several critical
> vulnerabilities. The release is coordinated with emergency Emacs 29.3
> release
> (https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html).
>
> Please upgrade your Org mode *and* Emacs ASAP.
>
> The vulnerabilities involve arbitrary Elisp and LaTeX evaluation when
> previewing attachments in Emacs or when opening third-party Org files.
- -- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64
Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages org-mode depends on:
ii elpa-org 9.6.10+dfsg-1
org-mode recommends no packages.
org-mode suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: org-mode
Source-Version: 9.4.0+dfsg-1+deb11u2
Done: Sean Whitton <spwhit...@spwhitton.name>
We believe that the bug you reported is fixed in the latest version of
org-mode, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <spwhit...@spwhitton.name> (supplier of updated org-mode package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 30 Apr 2024 09:08:33 +0100
Source: org-mode
Architecture: source
Version: 9.4.0+dfsg-1+deb11u2
Distribution: bullseye
Urgency: high
Maintainer: Debian Emacsen team <debian-emac...@lists.debian.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 1067663
Changes:
 org-mode (9.4.0+dfsg-1+deb11u2) bullseye; urgency=high
 .
   * Team upload.
   * Fix CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067663).
     - Require Emacs 1:27.1+1-3.1+deb11u3 to ensure we get the whole fix.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---