Your message dated Mon, 20 May 2024 20:34:02 +0000 with message-id <e1s99hq-005dbz...@fasolo.debian.org> and subject line Bug#1067630: fixed in emacs 1:28.2+1-15+deb12u1 has caused the Debian Bug report #1067630, regarding emacs: CVE-2024-30202 CVE-2024-30203 CVE-2024-30204 CVE-2024-30205 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: emacs Version: 29.2+1-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>, debian-emac...@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 According to the 29.3 release notes * Changes in Emacs 29.3 Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities described below. ** Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code. ** New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution. ** Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer. ** LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value. ** Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'. - -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: arm64 Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled - -- no debconf information -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYAhNIACgkQA0U5G1Wq FSEANg//cukjqohXxNRpkxbutqHHvOB1aAr3d78jowjP3Yb9ozAArNxUjuJHEdSZ 5HCASm269atf5753maZILjyx3VmF/qUihyGjbbWjqMwNrQkkQiuXBfYn1F4R76/V tyFile5NZVXIgYMykLb+rSHap6KMBnhjvLWSwNsDMuD8WB7OPH7KOI2xYqkUb7ue SIgkCr0GJ+LaHOAYlRKkAYok4qwIfijLBw41Bt7t9Tawh+5d5nDkNPDphFOB+bG+ 1hOQD8KVYWIceRK83wcDictSxbeTSo/cp6cEtVZX3yrDvBRbj3VKjKWL+0UIKfWO iGWQYn622B7WbBIwEddQMmla+nxa5rxEN9VMEE8N5xcpI1lnL0lVSxw0jbT0FopJ PmwFYmz1+pxB2fhRTv1T7ZTSAJS3BKQ9u2R8tuKO5ilSYp1zJrBBIazGPZ3Q+UBS EoPh4hy5G4IZ3X3yaE9cX76fdDMMGPQ7HIinkw5A7KWb8zHse5m3+WG+iPNuveHU GRwOB9pDDRTQrQVG8of2YVS0kLb9eu2jUD0sbi8As3P5Mr/gXHlrSgs5t1qg3HuA Kkg7m7PAONZu0LBZNZsItm/V0weDqBdE+LZsa/1LUk3H+zvswhctlNLuZ7Y4mKqh YpuwmZ2+cv1To2M/DKbBx2ngl5EiojF8hk5pGezcZ811NRFAQKc= =BxE4 -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: emacs Source-Version: 1:28.2+1-15+deb12u1 Done: Sean Whitton <spwhit...@spwhitton.name> We believe that the bug you reported is fixed in the latest version of emacs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sean Whitton <spwhit...@spwhitton.name> (supplier of updated emacs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 Apr 2024 10:49:04 +0100 Source: emacs Architecture: source Version: 1:28.2+1-15+deb12u1 Distribution: bookworm Urgency: high Maintainer: Rob Browning <r...@defaultvalue.org> Changed-By: Sean Whitton <spwhit...@spwhitton.name> Closes: 1067630 Changes: emacs (1:28.2+1-15+deb12u1) bookworm; urgency=high . * Fix CVE-2024-30202, CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067630). Checksums-Sha1: 3e85a9414e61ea4ab44cc26548923d98a0813049 3035 emacs_28.2+1-15+deb12u1.dsc 7481211825ed9b505f0f53544fb7a1eacd8fb5cf 129660 emacs_28.2+1-15+deb12u1.debian.tar.xz Checksums-Sha256: 9bf1e65532de80576ce1f547670af7c972824f627af91dd8d978ed3721eeed74 3035 emacs_28.2+1-15+deb12u1.dsc fbaa3e06234b648a4f309aec6d6372142758f1a666ca0e550bf776a86d1bf1a1 129660 emacs_28.2+1-15+deb12u1.debian.tar.xz Files: 1e522ffedefe6960e23d109a89f5811e 3035 editors optional emacs_28.2+1-15+deb12u1.dsc 9f2f96394a84acfe9d377b59322f96c8 129660 editors optional emacs_28.2+1-15+deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmYsys8ACgkQaVt65L8G YkAxQQ/9GAMIGsa99/GrCXm88eHIj4xK8ybSA5svssNWLlvdNVRWysR8NFLtulPD gtlzDpY4457iHrPMO28+YN4A3vpdeXGZYHiu5V+EEhp8qs1XhWpzIsgjMK4FEDlC W7SuIgQla1K8sqEFzJaoBlrQF4mqTu37PXjJ9HcMCHt/dgPmNQnOSpiooyu+5Lwp XidHbIBygZyfbRSncaJsb0tipPBPtHAfirWVZlsCPmiy7RcDGnjXw1rgPrFnQvwc jSBbD9I9ZvewrqXBD7g0+FoZoiIJnxKs6/+WaExmUxtjssWGhaE82fK6PLN2eSdJ 2qGXptjgFjMn2jVueS6SlJnomrS1gohP2lIb0e8M3UA4wFbVmqaNpzifSxyPnhZ9 XIHGxelVM2VKSrKLiGY3JtxQszYo7MZeAeTYLBJ0aDZQdcJ3g5Nol0cGsHh0zWw8 bOnm6VKU56oj92y4KFd8NVwZNx7HARsDdL8KQ9AcZgiGH0HoJjLztkah5CnFQs4W S2Y1g8vwJzBjGHPl30KXDPRRA5FnIn56otqTfkRDjddlRz/+lz+kujvS7sIV+QbM Y+I23Fm1JJUJb1a0/ulZ6OBXtSKAw+CqKNBkJL6Yw3mz953O+cFxrM31prRYFk2e pS/w5cvwRZ8Mwz1oOk0L4pmzH/WM2UUIEwMZgybqYkg0oJUukOA= =fPfi -----END PGP SIGNATURE-----pgpZwiuIC9tkx.pgp
Description: PGP signature
--- End Message ---