Hi Salvatore, Salvatore Bonaccorso <car...@debian.org> writes:
> On Tue, Jun 25, 2024 at 03:04:42AM +0000, Debian FTP Masters wrote: >> org-mode (9.7.5+dfsg-1) unstable; urgency=medium >> . >> * New upstream release that resolves CVE-2024-39331 (Closes: #1074136). [snip] > > Thanks for this upload. FYI, have uploaded some minutes ago now as > well a corresponding version for bullseye-security to security-master. > Thank you! As for bookworm, I'm unhappy with the security tracker status of "ignored". Would you please ACK an upgrade of the empty package's emacs dependency to ( >= emacs_fixed_version )? That way the metadata would ensure that it's fixed. Feel free to do it yourself, if you'd prefer, but I have not been ignoring the state of bookworm, so want users to see "fixed", and feel safe, rather than see "ignored" and wonder about apathy in the face of scary vulnerabilities. I also received a bug report about how bookworm's org-mode-doc shadows the docs provided by emacs-common-non-dfsg. A similar empty package, plus ( >= emacs-common-non-dfsg ) would fix that. Looking forward to hearing what you think, Nicholas
signature.asc
Description: PGP signature
