-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3616-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb October 12, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : org-mode Version : 9.1.14+dfsg-3+deb10u1 CVE ID : CVE-2023-28617 Debian Bug : 1033341 It was discovered that there was a potential code injection vulnerability in org-mode, a popular add-on for the Emacs text editor. Attackers could have executed arbitrary shell commands via a filename (or directory name) that contained shell metacharacters. For Debian 10 buster, this problem has been fixed in version 9.1.14+dfsg-3+deb10u1. We recommend that you upgrade your org-mode packages. For the detailed security status of org-mode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/org-mode Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmUnsk0ACgkQHpU+J9Qx HlhI4w/9EdU/fiZ16JRT9eqCMGMkWAxzZqiUvCcOalG2RZZcRLi+Pe49yswDWdlr khdUbR9ksr3OIUQWGftiWpEiOCTu6rEZ/7jHRSzAZ61l6nutce4VDTWYPMWB4aTW GzWoMd3P2/GroDGfDojRtaDEtsr80UpGQ84DbYXSRSTVJUrz5x9gr1+q8CDIght5 BU8iKJn+d9tzJYRiAQOdX2Iniz2LS/mTQtyYuRODkmVkGFgpnNCN5p2jnbCPk2+S cmNRytIKgboS1LD8K7cL3yXtahqV1qYXsIIqY5ggPxivPwW7P7ubf10WidhX34Rr B1zpXk3jTlZI2opl1nU9izZkBGBHBXnUhj5uEkgiBTlEjNoWA79PtByoQ8bd6G6K OHihAg9nbxmPSfJyJN9uy2tr8a1Dq8jgAzWan81eSYxhAIJm6uhCVg/peMx9MY9c 1zVPqnxoK1sxBdpcDKCdEe3j4M624VI48ruRSLciFarADxnsVCeLMgH4nHnmmYYI zIAzlAPpqs6fvV52nDeNFhBurk5576mactPs6DyqZEE0TiYRrHSsT03kX+doQfMw Ai0RfRZtXJMSvU2dgdOktVByFNdCFub9Njj5cFy0amr8NcqlTfLgS7nIg+X9eNfS SVegiGCK02XAZpetkreuOD1rDOMW7iRHQKbydvOKx0Dy+tPBXHI= =tWW9 -----END PGP SIGNATURE-----