Your message dated Fri, 28 Feb 2025 22:32:09 +0000
with message-id <e1to8tt-001fg1...@fasolo.debian.org>
and subject line Bug#1098255: fixed in emacs 1:28.2+1-15+deb12u4
has caused the Debian Bug report #1098255,
regarding emacs: CVE-2025-1244
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1098255: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098255
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: emacs
Version: 1:29.4+1-6
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://debbugs.gnu.org/66390
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for emacs.
CVE-2025-1244[0]:
| A flaw was found in the Emacs text editor. Improper handling of
| custom "man" URI schemes allows attackers to execute arbitrary shell
| commands by tricking users into visiting a specially crafted website
| or an HTTP URL with a redirect.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-1244
https://www.cve.org/CVERecord?id=CVE-2025-1244
[1] https://debbugs.gnu.org/66390
[2] https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:28.2+1-15+deb12u4
Done: Sean Whitton <spwhit...@spwhitton.name>
We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1098...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <spwhit...@spwhitton.name> (supplier of updated emacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Thu, 27 Feb 2025 09:52:07 +0800
Source: emacs
Architecture: source
Version: 1:28.2+1-15+deb12u4
Distribution: bookworm-security
Urgency: high
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 1088690 1098255
Changes:
 emacs (1:28.2+1-15+deb12u4) bookworm-security; urgency=high
 .
   * Disable Flymake byte-compile backend in untrusted files
     (CVE-2024-53920) (Closes: #1088690).
   * Fix man.el shell injection vulnerability (CVE-2025-1244)
     (Closes: #1098255).
--- End Message ---