Your message dated Tue, 25 Jun 2024 03:04:42 +0000
with message-id <e1slwu6-001udb...@fasolo.debian.org>
and subject line Bug#1074136: fixed in org-mode 9.7.5+dfsg-1
has caused the Debian Bug report #1074136,
regarding org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1074136: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074136
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: org-mode
Version: 9.6.28+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:29.3+1-3

Hi

There is a new vulnerability in Emacs Org mode.

Details:
https://www.openwall.com/lists/oss-security/2024/06/23/1

Upstream fix (in org-mode);
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: org-mode
Source-Version: 9.7.5+dfsg-1
Done: Nicholas D Steeves <s...@debian.org>

We believe that the bug you reported is fixed in the latest version of
org-mode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas D Steeves <s...@debian.org> (supplier of updated org-mode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Jun 2024 22:43:31 -0400
Source: org-mode
Architecture: source
Version: 9.7.5+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Emacsen team <debian-emacsen@lists.debian.org>
Changed-By: Nicholas D Steeves <s...@debian.org>
Closes: 1074136
Changes:
 org-mode (9.7.5+dfsg-1) unstable; urgency=medium
 .
   * New upstream release that resolves CVE-2024-39331 (Closes: #1074136).
   * Rebase quilt series onto this release:
     - Drop 10-shebang.patch (unused)
     - Drop 20-links-unescaping.patch (unused)
     - Drop 0002-default-to-xprintidle.patch (merged upstream)
   * Migrate to debhelper-compat 13.
   * Declare Rules-Requires-Root: no.
   * Override "package-does-not-install-examples" and provide justification
     in debian/source/lintian-overrides.
   * Update my copyright years.
   * Declare Standards-Version: 4.7.0 (no changes required).
--- End Message ---