Your message dated Sat, 29 Jun 2024 12:32:27 +0000
with message-id <e1snxfj-008cbc...@fasolo.debian.org>
and subject line Bug#1074136: fixed in org-mode 9.4.0+dfsg-1+deb11u3
has caused the Debian Bug report #1074136,
regarding org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
(CVE-2024-39331)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1074136: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074136
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: org-mode
Version: 9.6.28+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:29.3+1-3
Hi
There is a new vulnerability in Emacs Org mode. Details:
https://www.openwall.com/lists/oss-security/2024/06/23/1
Upstream fix (in org-mode);
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: org-mode
Source-Version: 9.4.0+dfsg-1+deb11u3
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
org-mode, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated org-mode package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Jun 2024 09:19:27 +0200
Source: org-mode
Architecture: source
Version: 9.4.0+dfsg-1+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Emacsen team <debian-emacsen@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1074136
Changes:
org-mode (9.4.0+dfsg-1+deb11u3) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
(CVE-2024-39331) (Closes: #1074136)
Checksums-Sha1:
c8303dbd411c40d6f53b523bc7ee0d70308cb909 2163 org-mode_9.4.0+dfsg-1+deb11u3.dsc
963394472fcc72dfaf6c95fabcf8c6f11417c6d4 1295952
org-mode_9.4.0+dfsg.orig.tar.xz
d83c6c231996bd68107d5d61b1929879cc13eb1c 17128
org-mode_9.4.0+dfsg-1+deb11u3.debian.tar.xz
6fb9a6c2b8c867f21552c343fc714656dcfc557e 7135
org-mode_9.4.0+dfsg-1+deb11u3_source.buildinfo
Checksums-Sha256:
ce83394d98a47d2526f812bf5bbe77f4c11e8ec10cc1eb111e9582a179e18362 2163
org-mode_9.4.0+dfsg-1+deb11u3.dsc
dab4a49aa502a110e239cd2eb6926ef89dd76f01b3e4589409bf80a290229357 1295952
org-mode_9.4.0+dfsg.orig.tar.xz
074601cf3ed8374ab8772927789d94471de52a05c9224995fc7b60fb747f4b26 17128
org-mode_9.4.0+dfsg-1+deb11u3.debian.tar.xz
d63e094dcb7020f5b2bffa8f6d166e3958a9fa2f6d46e549e963db09d270dc8a 7135
org-mode_9.4.0+dfsg-1+deb11u3_source.buildinfo
Files:
c9320ba79083d110bfc13415945e497a 2163 lisp optional
org-mode_9.4.0+dfsg-1+deb11u3.dsc
aae084475e3cff3d586b2dfacabbabfb 1295952 lisp optional
org-mode_9.4.0+dfsg.orig.tar.xz
1c56c250b9d3abab7f4405eebd1c0b5a 17128 lisp optional
org-mode_9.4.0+dfsg-1+deb11u3.debian.tar.xz
037394b1145a7b948ab91a53d975cf1a 7135 lisp optional
org-mode_9.4.0+dfsg-1+deb11u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ6cARfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EKPwP/Arwymwmw//z7DdcvIQzUUUQzjjGOf6Y
pTmoDHVpI37ndOvDiQ+dKr0M4Om6xH97Cck3U6MGGtdVPHZOgte+0H1a63XmQpC8
6reAqCQhftQFsKuPifrzWsVw0s3SE+yllmPwm23gEohPu5RtKrYoOm3nmuB/NlPs
hchyxB7ikI8ZMHZIjULTYlAu3J0nmyyn6IcRyzZ7v/7H3CeR99FfPvql+1yOWg4A
nto4dBTyzGOROa4jCgN6GzqmOZpht2yvJVefq1g3kpvdF1f4DwV9XY43vUXWeXAn
JtWReFwyaVCkro81iOoZVSNB2Ap+Id6NWzzXs/t5xT3sbLSOH3Belnk+dvFFIeav
cEmcorJJa2Py/aPSqDJ22YLKCosT//kVk7500PfA3sL6t1nMTJg8Csgr7so7Y0cX
lK7mj3kpaZdOB+QyKG/5388xBSogd6J6ghPo4DYjcpwGtlNHcBwJ07JTPBMDA0zq
XiKimcRq57j+jr4TYK4Ovs+9GIKRcdgpmi+yeO9QdU5GPFQHJcGgdMAhk3Fm06Xb
9dqJu0bYjhENdRXWrzpYxYcOipdoMcEzAUtMdCm5cIsGz2EcEoYNeznJb7BYlioD
d9JqXUecNwjgGR7J80asX1yGCskh12VHCvOsfn4/xkR217r2msDN4D4Gh25iIEnM
D3IrhdxY0xcE
=TCon
-----END PGP SIGNATURE-----
pgpwfdAIc7GXN.pgp
Description: PGP signature
--- End Message ---
