Your message dated Mon, 25 Mar 2024 21:19:46 +0000
with message-id <e1rorjo-00fqua...@fasolo.debian.org>
and subject line Bug#1067663: fixed in org-mode 9.6.23+dfsg-1
has caused the Debian Bug report #1067663,
regarding org-mode: CVE-2024-30202 CVE-2024-30205
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1067663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067663
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: org-mode
Version: 9.6.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: debian-emacsen@lists.debian.org, Debian Security Team
<t...@security.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
In https://list.orgmode.org/87o7b3eczr....@bzg.fr/T/#t, Ihor Radchenko writes
I just released Org mode 9.6.23 that fixes several critical
vulnerabilities. The release is coordinated with emergency Emacs 29.3
release
(https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html).
Please upgrade your Org mode *and* Emacs ASAP.
The vulnerabilities involve arbitrary Elisp and LaTeX evaluation when
previewing attachments in Emacs or when opening third-party Org files.
- -- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64
Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages org-mode depends on:
ii elpa-org 9.6.10+dfsg-1
org-mode recommends no packages.
org-mode suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYBSjMACgkQA0U5G1Wq
FSHjuA/+PbZdJex2gariys1U8zA9ExAUW0TKE2Pt/k/bngZt9+B7JGm1bNqSMkBm
mPN+6uIEZdmmasNCqHzNwlxPyezWnL1ik4n3lfz1fkXMSf7YWExcL/rnBvsc6aqi
yzTB0IPP2+1Jx0BV3ysiX62eRlLXiv3NlJQuKHyOwVCjOUDJUdN25YgZQ7b4Q2/S
4lC6O1wkmJqyV/PopvHIeFTo76l8Cg612ZGFrdniXkWB4zUSl2MdfsduimFO4xfp
/izY1u7nCT+bdsKT6OdvKqV5bStEukiklo/A2V9KTWrAQ2xeNwgE0gtP6MYzVfZ+
f7of4+SCqt0dZMwLiuZse+XA82nPnDqSdiT5A5EGRQ8am5BQ9d0weOoaQMho3vym
bUQO0rdU0MCrZR3MxCH4YPKm1ge1wPS7zLL48/+6PFhlHHkmQ1t98EzCbJ+gEgJW
Qm/wnT0ctJRmp2uqGDpRLeI0t+YU/kyfaaHS/rB7XSkQN6vBmJKnClGmgFnhVphR
hrQVVpJjD0SeZSv9uOUI17HfPz9v3pIKLCMs4R2+WTddxf6bdXytFmlOWBlcvEpE
0ocIW00D68jDWx0Bq1PItEJ11V9GbcqrigtBHfEocYVnL4hB3x5lkaGkMF5P2gOn
4OL3eC+UqJoEpr53PiD5fdbo7WkeI3NCdDBqb/GDn9Kj4HQyZqY=
=aTCW
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: org-mode
Source-Version: 9.6.23+dfsg-1
Done: Nicholas D Steeves <s...@debian.org>
We believe that the bug you reported is fixed in the latest version of
org-mode, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicholas D Steeves <s...@debian.org> (supplier of updated org-mode package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Mar 2024 15:54:00 -0400
Source: org-mode
Architecture: source
Version: 9.6.23+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Emacsen team <debian-emacsen@lists.debian.org>
Changed-By: Nicholas D Steeves <s...@debian.org>
Closes: 1067663
Changes:
org-mode (9.6.23+dfsg-1) unstable; urgency=high
.
* Install upstream changelog.
* New upstream release (Closes: #1067663).
* Update FSF's copyright years.
Checksums-Sha1:
57cf515b38340de43e23d7604a6b0f196680163f 1983 org-mode_9.6.23+dfsg-1.dsc
6226124a6449bbdbd1caeefad1c43686618e316f 1289572
org-mode_9.6.23+dfsg.orig.tar.xz
cc3e24acaa21d09ffb140826352b6e23eacbc999 16812
org-mode_9.6.23+dfsg-1.debian.tar.xz
5bf8a356359e71a4634d8b9839a1f57866c07658 9391
org-mode_9.6.23+dfsg-1_amd64.buildinfo
Checksums-Sha256:
c120f66fbb1221edbac5aa5f1e0b985c76e8447b2221ef1733a1d7e18ceb9e7a 1983
org-mode_9.6.23+dfsg-1.dsc
1ba75446d95b5c211b15c15f5a1fd0a570af3a7c62bc484a35144d75cda5b233 1289572
org-mode_9.6.23+dfsg.orig.tar.xz
c3eca887d4fa262c8e6f28d84fae0361f4fddcafbe7f006d3d15e437d26caf46 16812
org-mode_9.6.23+dfsg-1.debian.tar.xz
7b6703b9552a8626d29e9d2f319ea731f76993b2ab67d9003705a50e2a658f6e 9391
org-mode_9.6.23+dfsg-1_amd64.buildinfo
Files:
62e3a665d62513e0ef511331dc0581b3 1983 lisp optional org-mode_9.6.23+dfsg-1.dsc
4384ddba2cf55009275b318c5451376f 1289572 lisp optional
org-mode_9.6.23+dfsg.orig.tar.xz
9a1f42eaa2646bb48bced6de2fff4d53 16812 lisp optional
org-mode_9.6.23+dfsg-1.debian.tar.xz
c78f852d3e0922b266511dcda479279b 9391 lisp optional
org-mode_9.6.23+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE4qYmHjkArtfNxmcIWogwR199EGEFAmYB13gACgkQWogwR199
EGEofhAAjNyo7FndIVh6rhkGbdy1UOUtQcob4XKkapXWuN+ZBtMxhPqauLxJ80We
hbmfvfdS9fDOir93DASxtp09pTz2UDypjwRzaKPx11p0b5eVl6E2JDScuPbA6OB/
Fkavj7MUxi1XgpRQEao92+rAIEOPYp958M8kwBEUnUEn5pfOG5HunmAf32kRtmKI
L35EcQMwnFsMsMjR2EThIxImZy8U/1du6mZC8f0zc3XITYHMiaCe5fZlTWn9aGNF
YM+9txdKiEJhi0S6rhhZ7bqiXebDWlyr2XsQem8bded7l2bwPjBpizRHbJvKHj3T
Oj0Y4BulD47NyXOtLg1/4YSil8njmj5zoq7w+oI97EEPLVUmw2T5Ts+A7kMWGlwX
0JMRXxzeTwUaRdDxMrLsEraxVHGgGaj3TtX2foa1SEQ5yi9DUfctk2a247XlKlGG
MGmwMHBFUVOjP0HnELjw5gOrtn0B14vH9oyKwKNq67ZpiSXNZoZHI3AomwRbtGkh
sYyL4w+J5Ffk77/UxIt6VI9ICi04gF5hhKh1UgHzbO/fT6/sfw2DL47CmPW7+REF
xM/B0OlZL6hpLW/z5jPDEzlWavrfYfCcx6ijZN1O0r7Kv9wnH2H1DTKy/nei8cJL
1tDq7QZnYESR8MyjDRZeoBGod6EVNaaBGUW0dGTLqArecxZzpN0=
=+6jr
-----END PGP SIGNATURE-----
pgp4hntV92AYD.pgp
Description: PGP signature
--- End Message ---
