Bug#1074137: marked as done (org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331))

Mon, 24 Jun 2024 18:29:22 -0700 

Your message dated Tue, 25 Jun 2024 01:04:54 +0000
with message-id <e1sluca-000sbx...@fasolo.debian.org>
and subject line Bug#1074137: fixed in emacs 1:29.4+1-1
has caused the Debian Bug report #1074137,
regarding org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code 
(CVE-2024-39331)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1074137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: org-mode
Version: 9.6.28+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:29.3+1-3

Hi

There is a new vulnerability in Emacs Org mode. Details:

https://www.openwall.com/lists/oss-security/2024/06/23/1

Upstream fix (in org-mode);

https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: emacs
Source-Version: 1:29.4+1-1
Done: Rob Browning <r...@defaultvalue.org>

We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning <r...@defaultvalue.org> (supplier of updated emacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 24 Jun 2024 19:34:05 -0500
Source: emacs
Architecture: source
Version: 1:29.4+1-1
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Rob Browning <r...@defaultvalue.org>
Closes: 1074137
Changes:
 emacs (1:29.4+1-1) unstable; urgency=medium
 .
   * Merge upstream version 29.4. (Closes: 1074137)
   * Update debian/copyright for 29.4.
Checksums-Sha1:
 c7d30866b705c8cdb7c826d3197e4b00828c1706 3132 emacs_29.4+1-1.dsc
 004e7aa61b44ce33634eb1085299d206a90ad425 29301440 emacs_29.4+1.orig.tar.xz
 03ac1694de1d5d24f32d2503b1e0d834b762a7ce 66228 emacs_29.4+1-1.debian.tar.xz
Checksums-Sha256:
 ae2326af2af49f6279a394f5e90feaa27e37ab7ba11ef599e284b443588fc3d3 3132 
emacs_29.4+1-1.dsc
 eef69e3a3c2098f9b41e0b284406ecc815373aafa5f7e2acdc99214a9bf34061 29301440 
emacs_29.4+1.orig.tar.xz
 0ce67a5df85a4ba505d469e6bee8c794476849f8bcd4b682cbed8810bb39cf31 66228 
emacs_29.4+1-1.debian.tar.xz
Files:
 e28374e9d298b2cb3c92c937334a4399 3132 editors optional emacs_29.4+1-1.dsc
 ec9687fa8d0c6bdd36a2b239b08e2116 29301440 editors optional 
emacs_29.4+1.orig.tar.xz
 884dec9454f5b4cceb64857839d491cb 66228 editors optional 
emacs_29.4+1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEPTFSABe5ruOuhW+97vEWxVpaQvEFAmZ6EnoVHHJsYkBkZWZh
dWx0dmFsdWUub3JnAAoJEO7xFsVaWkLxPRkP/2g7jhUbUlrLCsvo84qkUd4PSmvo
FkrImH41ynfG3cs53aM4jFovTKgQXzoeDdUQp+kCVj0RjdGE2cj8w8qh/nMnuI6/
LN0rIuOC0enr1RMUv+g1zLpmCyxtTifTfiGw9413D4tBPtcBZpoeJudTTDE+jNYW
KeBGtLLhkUErdOAWamyS2GW3660g5B0339lT+8A2Pj9idjYrdR1fdlfdHcNl0aS3
TPLUmwQ8a/UdfnkuYcDu814JblhWGpp8B+Oct+lyjn6moQ1y95ecGIlbvGvzjWwi
E6UM1lr/ISNxtHc5rOgbKz0dvpvhpn3N6HtlAnrMahD0i4yw/qKvabBd0G+EiAf8
AB8aFTO2aCZ+kzgMMg6PdIjMDLvweMMscOigqbUtoldhFaYMaN/pBshQOBtF+Hmo
M3/Yp5WxtXGfISlqrnAbwq7l+nFIpwuhK7kwGAqzBeTzUiHJfpZ3gyEswdlqT+fc
O/upvVo1Hg84veMpIR9j8bPFGV1GwhD0Y01j80sdqsYRPhJEB9oB0Z3YwEt2miSL
XfOuITx66kY3KHFGpCcLkJJoYup1V8yMbnyWZcyCI1HIg8tHCIzBAH59DTKx1tkq
e7iUwg7RlpTuGJSXIZcD2EVqRTUTIBIPVljzcJ31QM5SfQE4tkW/T6cvMbWUlvpx
3mFc+CZvRRtsDLLx
=M9kw
-----END PGP SIGNATURE-----

Attachment: pgpZ_xfemz8aY.pgp
Description: PGP signature


--- End Message ---

Reply via email to