Your message dated Tue, 11 Dec 2007 09:17:13 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#455432: fixed in emacs22 22.1+1-2.1+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: emacs22
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for emacs22.

CVE-2007-6109[0]:
| Buffer overflow in emacs allows attackers to have an unknown impact,
| as demonstrated via a vector involving the command line.

You can find the upstream patch for this on:
http://cvs.savannah.gnu.org/viewvc/emacs/emacs/src/editfns.c?r1=1.439.2.3&r2=1.439.2.8

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: emacs22
Source-Version: 22.1+1-2.1+lenny1

We believe that the bug you reported is fixed in the latest version of
emacs22, which is due to be installed in the Debian FTP archive:

emacs22-bin-common_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22-bin-common_22.1+1-2.1+lenny1_i386.deb
emacs22-common_22.1+1-2.1+lenny1_all.deb
  to pool/main/e/emacs22/emacs22-common_22.1+1-2.1+lenny1_all.deb
emacs22-el_22.1+1-2.1+lenny1_all.deb
  to pool/main/e/emacs22/emacs22-el_22.1+1-2.1+lenny1_all.deb
emacs22-gtk_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22-gtk_22.1+1-2.1+lenny1_i386.deb
emacs22-nox_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22-nox_22.1+1-2.1+lenny1_i386.deb
emacs22_22.1+1-2.1+lenny1.diff.gz
  to pool/main/e/emacs22/emacs22_22.1+1-2.1+lenny1.diff.gz
emacs22_22.1+1-2.1+lenny1.dsc
  to pool/main/e/emacs22/emacs22_22.1+1-2.1+lenny1.dsc
emacs22_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22_22.1+1-2.1+lenny1_i386.deb
emacs_22.1+1-2.1+lenny1_all.deb
  to pool/main/e/emacs22/emacs_22.1+1-2.1+lenny1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated emacs22 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 10 Dec 2007 16:42:03 +0100
Source: emacs22
Binary: emacs22-el emacs22-gtk emacs22-bin-common emacs22-nox emacs22 emacs22-common emacs
Architecture: source all i386
Version: 22.1+1-2.1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Rob Browning <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
 emacs      - The GNU Emacs editor (metapackage)
 emacs22    - The GNU Emacs editor
 emacs22-bin-common - The GNU Emacs editor's shared, architecture dependent files
 emacs22-common - The GNU Emacs editor's shared, architecture independent infrastru
 emacs22-el - GNU Emacs LISP (.el) files
 emacs22-gtk - The GNU Emacs editor (with GTK user interface)
 emacs22-nox - The GNU Emacs editor (without X support)
Closes: 455432
Changes:
 emacs22 (22.1+1-2.1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing-security team.
   * This update addresses the following security issue:
     - CVE-2007-6109: A stack-based buffer overflow in the format function
       when dealing with high precision values could lead to arbitrary
       code execution.
       Added upstream patch (CVE-2007-6109.diff) to fix this (Closes: #455432).
--- End Message ---