Your message dated Sat, 24 Aug 2024 14:32:40 +0000
with message-id <e1shrom-00cvu4...@fasolo.debian.org>
and subject line Bug#1074137: fixed in emacs 1:27.1+1-3.1+deb11u5
has caused the Debian Bug report #1074137,
regarding org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
(CVE-2024-39331)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1074137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: org-mode
Version: 9.6.28+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:29.3+1-3
Hi
There is a new vulnerability in Emacs Org mode. Details:
https://www.openwall.com/lists/oss-security/2024/06/23/1
Upstream fix (in org-mode);
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:27.1+1-3.1+deb11u5
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated emacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Jun 2024 07:37:54 +0200
Source: emacs
Architecture: source
Version: 1:27.1+1-3.1+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1074137
Changes:
emacs (1:27.1+1-3.1+deb11u5) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
(CVE-2024-39331) (Closes: #1074137)
Checksums-Sha1:
6123bb26527678d941ee5a13ba5d2783f26fd974 2994 emacs_27.1+1-3.1+deb11u5.dsc
fb37de2cfb35e7aeae01051f32ddfdb002229173 121100
emacs_27.1+1-3.1+deb11u5.debian.tar.xz
2e38969fff8f1b48463a6a99d48be5668b5a4209 8280
emacs_27.1+1-3.1+deb11u5_source.buildinfo
Checksums-Sha256:
cc53162e4f338d23f656db4e332c049a16759eeff8e79a49b7902c02e031ecbc 2994
emacs_27.1+1-3.1+deb11u5.dsc
c77add29b493df4e040137c81ea15a53d6f8eaaacce8b2bcb4c8c07592373855 121100
emacs_27.1+1-3.1+deb11u5.debian.tar.xz
7a42fa583f78b9a2338c9c2254c6efb77ca7b94f48f8ed65076cf63ad20c4da3 8280
emacs_27.1+1-3.1+deb11u5_source.buildinfo
Files:
49415c08c113db93c325a3fa6ebb5978 2994 editors optional
emacs_27.1+1-3.1+deb11u5.dsc
45428c2bc7ae302e83c00ebbc71edc4b 121100 editors optional
emacs_27.1+1-3.1+deb11u5.debian.tar.xz
1003a37eca9f43783255c4a6d9d00881 8280 editors optional
emacs_27.1+1-3.1+deb11u5_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ6ZM5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EdX4P/jg80bGSLXTfQjjTsSwo0dGOIeGldMl/
fJq1Ez4N2pkqHpd+BI4BrUvG/IOh5gZEMkc3zi19vrmbOp1bJXMyXQENFzUbAaIU
jzPRNBj+7zRUHvyjDLFVHa4BMPPuouJU9qP4sNXtmzfEExfUMCvneQBpIpowd0lO
dbwpBTRmtF1LKtZL2OVV0kDX3yxlCvpCEOMEv6kmsesKPgsPnBi2uv6j/TFHuLiU
klQyMx1ycqL7r3WHZ0LMo1mK7GwkkRtplhlR4U4KKmNXHRARL4gKgCvPRKPMsuYP
uD/Mar69LhF5XxaqX9W7IiRfUQ0B3xcZCFtZ1OmDMXr4B5wkDIvkEFvIfTKkqNlc
hLyt/645ny06D6TZG15cD5iBm9+TKJR51IT1aGeLJ5ENQ/pNZfHIAoQbj3IqaTYH
1w1HJ7O2bysiIyNOtezYdt8KmrcMRIozE8X1qXAWmRgFjA+Wsu+r5cwPdOced6Tb
4/jWSavf0DZpSUQsVxrl809Y7S/8kvxjhrVdSnUGFI1xL0Ss6BBpuAHO5ZU7OEX0
QR3YU73LrhFHGE2YwYCb1bq9oCw2vRvOkn4WZQFBO8us9nYZoM0Uae6Hjt/LVzX2
f6cBJ0w5/R7+tYep7h49fYzjDF4RIEsKuV9OZ7I3EeSd56yHLQTOOnRb6u3ZLjaN
jEiBSl060nSm
=Zh+L
-----END PGP SIGNATURE-----
pgpxDxwWsQpgj.pgp
Description: PGP signature
--- End Message ---
