Bug#1033341: org-mode: CVE-2023-28617

2023-06-12 Thread Nicholas D Steeves
David Bremner writes: > Nicholas D Steeves writes: > >> fixed 1033341 org/mode/9.5.2+dfsh-5 >> fixed 1033341 org-mode/9.6.6+dfsg-1~exp1 >> thanks > > Are you sure about that? It depends on emacs 28.2, which afaik has the > vulnerable org-mode embedded. I guess it's a question of interpretation,

Bug#1033341: org-mode: CVE-2023-28617

2023-06-04 Thread David Bremner
Salvatore Bonaccorso writes: > > Looking at https://security-tracker.debian.org/tracker/CVE-2023-28617 > I think we should be fine for bookworm already, correct? Yes, I think what is there makes sense, given the constraints of expressing a weird situation. d

Bug#1033341: org-mode: CVE-2023-28617

2023-06-04 Thread Salvatore Bonaccorso
Hi David, On Sun, Jun 04, 2023 at 08:34:18AM -0300, David Bremner wrote: > Nicholas D Steeves writes: > > > fixed 1033341 org/mode/9.5.2+dfsh-5 > > fixed 1033341 org-mode/9.6.6+dfsg-1~exp1 > > thanks > > Are you sure about that? It depends on emacs 28.2, which afaik has the > vulnerable org-mod

Bug#1033341: org-mode: CVE-2023-28617

2023-06-04 Thread David Bremner
Nicholas D Steeves writes: > fixed 1033341 org/mode/9.5.2+dfsh-5 > fixed 1033341 org-mode/9.6.6+dfsg-1~exp1 > thanks Are you sure about that? It depends on emacs 28.2, which afaik has the vulnerable org-mode embedded. I guess it's a question of interpretation, but the vulnerability is still ther

Bug#1033341: org-mode: CVE-2023-28617

2023-06-03 Thread Salvatore Bonaccorso
Hi, On Sat, Jun 03, 2023 at 10:02:43PM -0400, Nicholas D Steeves wrote: > fixed 1033341 org/mode/9.5.2+dfsh-5 > fixed 1033341 org-mode/9.6.6+dfsg-1~exp1 > thanks > > Dear Salvatore and Security Team, > > Salvatore Bonaccorso writes: > > > Source: org-mode > > Version: 9.5.2+dfsh-4 > > Severity

Bug#1033341: org-mode: CVE-2023-28617

2023-06-03 Thread Nicholas D Steeves
fixed 1033341 org/mode/9.5.2+dfsh-5 fixed 1033341 org-mode/9.6.6+dfsg-1~exp1 thanks Dear Salvatore and Security Team, Salvatore Bonaccorso writes: > Source: org-mode > Version: 9.5.2+dfsh-4 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team

Bug#1033341: org-mode: CVE-2023-28617

2023-03-22 Thread Salvatore Bonaccorso
Source: org-mode Version: 9.5.2+dfsh-4 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: clone -1 -2 Control: reassign -2 src:emacs 1:28.2+1-13 Control: retitle -2 emacs: CVE-2023-28617 Hi, The following vulnerability was published for org