Bug#1074137: marked as done (org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331))

Sun, 14 Jul 2024 08:51:17 -0700 

Your message dated Sun, 14 Jul 2024 15:47:08 +0000
with message-id <e1st1rm-002av4...@fasolo.debian.org>
and subject line Bug#1074137: fixed in emacs 1:28.2+1-15+deb12u3
has caused the Debian Bug report #1074137,
regarding org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code 
(CVE-2024-39331)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1074137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: org-mode
Version: 9.6.28+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:29.3+1-3

Hi

There is a new vulnerability in Emacs Org mode. Details:

https://www.openwall.com/lists/oss-security/2024/06/23/1

Upstream fix (in org-mode);

https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: emacs
Source-Version: 1:28.2+1-15+deb12u3
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated emacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Jun 2024 06:54:48 +0200
Source: emacs
Architecture: source
Version: 1:28.2+1-15+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1074137
Changes:
 emacs (1:28.2+1-15+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
     (CVE-2024-39331) (Closes: #1074137)
Checksums-Sha1:
 7916dfca5e3499a0c0bc0e6ebcaa32297ab3ef9b 3067 emacs_28.2+1-15+deb12u3.dsc
 d7f49858bdec2d47110c2ed7b1d0005f157e20c3 26988304 emacs_28.2+1.orig.tar.xz
 20c5ab3344f4a160526c0e3bbfafdd8dcf5373e7 132924 
emacs_28.2+1-15+deb12u3.debian.tar.xz
 059398e7b45a1ea112567c4749af22d4d5581726 8329 
emacs_28.2+1-15+deb12u3_source.buildinfo
Checksums-Sha256:
 7fa34b206416488e15bcf5dbd17258f3e134adcffe1e34a5c9b5e4dd17ca6fe0 3067 
emacs_28.2+1-15+deb12u3.dsc
 54a21ceabe3d93a6ba164e8874d6a2cbb094e42d73d4a8978a4ff7dd75d90666 26988304 
emacs_28.2+1.orig.tar.xz
 b6b8597a078184a504f56fa675e1021f2b59c98eeace4b212a075a066e7369f0 132924 
emacs_28.2+1-15+deb12u3.debian.tar.xz
 9a5a33cda00be8134c47d68c29b74a34d46e775afa726003ed9167d17d26e593 8329 
emacs_28.2+1-15+deb12u3_source.buildinfo
Files:
 99a7edcc92e6bfcf83484146a5939cfb 3067 editors optional 
emacs_28.2+1-15+deb12u3.dsc
 1392c949265565fc162e693e7826ba55 26988304 editors optional 
emacs_28.2+1.orig.tar.xz
 0758b8b625d29309d18be190e0c13a21 132924 editors optional 
emacs_28.2+1-15+deb12u3.debian.tar.xz
 7726bdedc67c86f977c68135631deee2 8329 editors optional 
emacs_28.2+1-15+deb12u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ6Vk9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ERysQAIsvxlNyNuCuRIWBGxr9C8Tr6qYIsI19
N5wxg/JdXl6DcXzu30npoEVaPXU091deyXzee7D4wTytvUcNU3er7slMNeWC0NgU
N0eysPY1RKh4Vv/eIYp7lhL7gsp0DT/QFBkf2mN+IvmrQ3tFO1JAKtxwRriaW2ml
ufLCrYuU4y/dP7Fa5XveJaT6q/TztWZYtNeIJA7e0vD+y+ecvUxuNybNndkktwWA
Tjrw/0ibiQ+Ne6/vimY7kj+YpvYEN8fUkNQg2aCvnUfsK9cZ8zD/GWH8+HqhZlht
yyFRkx65NXD+CcKhnsVELFwcNHXzKYYYM31i9sgA5isEiIOlqh1dxWzxXvP4Hvj8
qM/C+Ca5SkH8LyFwOAHRnD6JH2+ZctPUqBRETkbw58KR4UmELuxFQZea3uqKMDhn
FReLrw1GGhMpzG1ad50s4AaOzYnuiZ8HBkdZmZfd+JvHuRaASoVJ6rtDsah8m5yV
NPbW37jzzO6jQu56XIMD7yaXrnBS8iTSV17BdU0G0SPLa6OOHU935uHZTexQPnkk
bMU4KMGCtANWItcF25ioi1DWfhwX7XSY4QvVl9iLcEqRfxY5ODovTQWAnl5iXpSP
CBaY4OTginMJC2KKe/ciY9BpZHO0cV/QTHL1BHiFl0ZX4FKfggjZMQk9/EvPBK4I
zDiuFSVhRzVH
=rfGk
-----END PGP SIGNATURE-----

Attachment: pgpfxI9al7Q0a.pgp
Description: PGP signature


--- End Message ---

Reply via email to