Your message dated Sat, 15 Jun 2024 21:17:08 +0000
with message-id <e1sialo-008su8...@fasolo.debian.org>
and subject line Bug#1067630: fixed in emacs 1:28.2+1-15+deb12u2
has caused the Debian Bug report #1067630,
regarding emacs-common: Security issues with emacs; remote code execution in
Gnus
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: emacs-common
Version: 1:28.2+1-15
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Hello,
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 describes
some security issues addressed in emacs 29.3.
Among them:
** Gnus now treats inline MIME contents as untrusted.
To get back previous insecure behavior, 'untrusted-content' should be
reset to nil in the buffer.
** LaTeX preview is now by default disabled for email attachments.
To get back previous insecure behavior, set the variable
'org--latex-preview-when-risky' to a non-nil value.
I don't see anything that would explicitly indicate if the version in stable,
1.28.2, is vulnerable but the nature of this leads me to think that it is.
Thanks,
John
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-18-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages emacs-common depends on:
ii emacs-el 1:28.2+1-15
ii emacsen-common 3.0.5
ii init-system-helpers 1.65.2
ii install-info 6.8-6+b1
emacs-common recommends no packages.
Versions of packages emacs-common suggests:
pn emacs-common-non-dfsg <none>
ii ncurses-term 6.4-4
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:28.2+1-15+deb12u2
Done: Rob Browning <r...@defaultvalue.org>
We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Rob Browning <r...@defaultvalue.org> (supplier of updated emacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 08 Jun 2024 17:12:26 -0500
Source: emacs
Architecture: source
Version: 1:28.2+1-15+deb12u2
Distribution: bookworm
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Rob Browning <r...@defaultvalue.org>
Closes: 942413 1067630 1070664
Changes:
emacs (1:28.2+1-15+deb12u2) bookworm; urgency=medium
.
* debian/rules: fix override_dh_auto_install indentation.
.
* Update package-keyring.gpg to deb/emacs/v/29.3+1-3 version. The
existing keyring has expired. Replace it with the upstream version
from our latest 29.3 package, retrieved from our repository via "git
show deb/emacs/v/29.3+1-3:etc/package-keyring.gpg >
debian/replace/etc/package-keyring.gpg". (Closes: 1070664, 942413)
.
emacs (1:28.2+1-15+deb12u1) bookworm; urgency=high
.
* Fix CVE-2024-30202, CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205
(Closes: #1067630).
Checksums-Sha1:
e64351a688a28470b7c687d0d82f5353727c04dc 3064 emacs_28.2+1-15+deb12u2.dsc
4d3c7621f055b59eb601802cc2b14e0e9158aa22 132000 emacs_28.2+1-15+deb12u2.debian.tar.xz
Checksums-Sha256:
bddc14bbe1ca94ade9d40033faa880aea43809349efbebc539c44bbc533d4eb6 3064 emacs_28.2+1-15+deb12u2.dsc
584c2d8469267ddf1a5bd7c05644920b4804de439300266032bfbaae1146b5bb 132000 emacs_28.2+1-15+deb12u2.debian.tar.xz
Files:
48a2db0f1fbf1b550dbb3929054d438e 3064 editors optional emacs_28.2+1-15+deb12u2.dsc
df5a709a42d3074de8b2109ad22b08b2 132000 editors optional emacs_28.2+1-15+deb12u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---