Bug#1033341: org-mode: CVE-2023-28617

To: Nicholas D Steeves <sten@debian.org>, 1033341@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>
Cc: Debian Security Team <team@security.debian.org>
Subject: Bug#1033341: org-mode: CVE-2023-28617
From: David Bremner <david@tethera.net>
Date: Sun, 04 Jun 2023 08:34:18 -0300
Message-id: <[🔎] 873537xxz9.fsf@tethera.net>
Reply-to: David Bremner <david@tethera.net>, 1033341@bugs.debian.org
In-reply-to: <[🔎] 87y1l0f0ho.fsf@DigitalMercury.freeddns.org>
References: <167952119237.188403.11223596843949768563.reportbug@eldamar.lan> <167952119237.188403.11223596843949768563.reportbug@eldamar.lan> <[🔎] 87y1l0f0ho.fsf@DigitalMercury.freeddns.org> <167952119237.188403.11223596843949768563.reportbug@eldamar.lan>

Nicholas D Steeves <sten@debian.org> writes:

> fixed 1033341 org/mode/9.5.2+dfsh-5
> fixed 1033341 org-mode/9.6.6+dfsg-1~exp1
> thanks

Are you sure about that? It depends on emacs 28.2, which afaik has the
vulnerable org-mode embedded. I guess it's a question of interpretation,
but the vulnerability is still there after installing the package.

d

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#1033341: org-mode: CVE-2023-28617
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#1033341: org-mode: CVE-2023-28617
  - From: Nicholas D Steeves <sten@debian.org>

References:
- Bug#1033341: org-mode: CVE-2023-28617
  - From: Nicholas D Steeves <sten@debian.org>

Prev by Date: Bug#1033341: org-mode: CVE-2023-28617
Next by Date: Bug#1033341: org-mode: CVE-2023-28617
Previous by thread: Bug#1033341: org-mode: CVE-2023-28617
Next by thread: Bug#1033341: org-mode: CVE-2023-28617
Index(es):
- Date
- Thread