Your message dated Mon, 25 Mar 2024 21:19:46 +0000 with message-id <E1rorjO-00FQUa-88@fasolo.debian.org> and subject line Bug#1067663: fixed in org-mode 9.6.23+dfsg-1 has caused the Debian Bug report #1067663, regarding org-mode: CVE-2024-30202 CVE-2024-30205 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1067663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067663 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: org-mode: Org mode 9.6.23 that fixes several critical
- From: David Bremner <bremner@debian.org>
- Date: Mon, 25 Mar 2024 06:56:04 -0300
- Message-id: <[🔎] 171136056437.2419516.7226051653452941213.reportbug@minkowski>
Package: org-mode Version: 9.6.10+dfsg-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: debian-emacsen@lists.debian.org, Debian Security Team <team@security.debian.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 In https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t, Ihor Radchenko writes I just released Org mode 9.6.23 that fixes several critical vulnerabilities. The release is coordinated with emergency Emacs 29.3 release (https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html). Please upgrade your Org mode *and* Emacs ASAP. The vulnerabilities involve arbitrary Elisp and LaTeX evaluation when previewing attachments in Emacs or when opening third-party Org files. - -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: arm64 Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages org-mode depends on: ii elpa-org 9.6.10+dfsg-1 org-mode recommends no packages. org-mode suggests no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYBSjMACgkQA0U5G1Wq FSHjuA/+PbZdJex2gariys1U8zA9ExAUW0TKE2Pt/k/bngZt9+B7JGm1bNqSMkBm mPN+6uIEZdmmasNCqHzNwlxPyezWnL1ik4n3lfz1fkXMSf7YWExcL/rnBvsc6aqi yzTB0IPP2+1Jx0BV3ysiX62eRlLXiv3NlJQuKHyOwVCjOUDJUdN25YgZQ7b4Q2/S 4lC6O1wkmJqyV/PopvHIeFTo76l8Cg612ZGFrdniXkWB4zUSl2MdfsduimFO4xfp /izY1u7nCT+bdsKT6OdvKqV5bStEukiklo/A2V9KTWrAQ2xeNwgE0gtP6MYzVfZ+ f7of4+SCqt0dZMwLiuZse+XA82nPnDqSdiT5A5EGRQ8am5BQ9d0weOoaQMho3vym bUQO0rdU0MCrZR3MxCH4YPKm1ge1wPS7zLL48/+6PFhlHHkmQ1t98EzCbJ+gEgJW Qm/wnT0ctJRmp2uqGDpRLeI0t+YU/kyfaaHS/rB7XSkQN6vBmJKnClGmgFnhVphR hrQVVpJjD0SeZSv9uOUI17HfPz9v3pIKLCMs4R2+WTddxf6bdXytFmlOWBlcvEpE 0ocIW00D68jDWx0Bq1PItEJ11V9GbcqrigtBHfEocYVnL4hB3x5lkaGkMF5P2gOn 4OL3eC+UqJoEpr53PiD5fdbo7WkeI3NCdDBqb/GDn9Kj4HQyZqY= =aTCW -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
- To: 1067663-close@bugs.debian.org
- Subject: Bug#1067663: fixed in org-mode 9.6.23+dfsg-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 25 Mar 2024 21:19:46 +0000
- Message-id: <E1rorjO-00FQUa-88@fasolo.debian.org>
- Reply-to: Nicholas D Steeves <sten@debian.org>
Source: org-mode Source-Version: 9.6.23+dfsg-1 Done: Nicholas D Steeves <sten@debian.org> We believe that the bug you reported is fixed in the latest version of org-mode, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067663@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nicholas D Steeves <sten@debian.org> (supplier of updated org-mode package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 25 Mar 2024 15:54:00 -0400 Source: org-mode Architecture: source Version: 9.6.23+dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian Emacsen team <debian-emacsen@lists.debian.org> Changed-By: Nicholas D Steeves <sten@debian.org> Closes: 1067663 Changes: org-mode (9.6.23+dfsg-1) unstable; urgency=high . * Install upstream changelog. * New upstream release (Closes: #1067663). * Update FSF's copyright years. Checksums-Sha1: 57cf515b38340de43e23d7604a6b0f196680163f 1983 org-mode_9.6.23+dfsg-1.dsc 6226124a6449bbdbd1caeefad1c43686618e316f 1289572 org-mode_9.6.23+dfsg.orig.tar.xz cc3e24acaa21d09ffb140826352b6e23eacbc999 16812 org-mode_9.6.23+dfsg-1.debian.tar.xz 5bf8a356359e71a4634d8b9839a1f57866c07658 9391 org-mode_9.6.23+dfsg-1_amd64.buildinfo Checksums-Sha256: c120f66fbb1221edbac5aa5f1e0b985c76e8447b2221ef1733a1d7e18ceb9e7a 1983 org-mode_9.6.23+dfsg-1.dsc 1ba75446d95b5c211b15c15f5a1fd0a570af3a7c62bc484a35144d75cda5b233 1289572 org-mode_9.6.23+dfsg.orig.tar.xz c3eca887d4fa262c8e6f28d84fae0361f4fddcafbe7f006d3d15e437d26caf46 16812 org-mode_9.6.23+dfsg-1.debian.tar.xz 7b6703b9552a8626d29e9d2f319ea731f76993b2ab67d9003705a50e2a658f6e 9391 org-mode_9.6.23+dfsg-1_amd64.buildinfo Files: 62e3a665d62513e0ef511331dc0581b3 1983 lisp optional org-mode_9.6.23+dfsg-1.dsc 4384ddba2cf55009275b318c5451376f 1289572 lisp optional org-mode_9.6.23+dfsg.orig.tar.xz 9a1f42eaa2646bb48bced6de2fff4d53 16812 lisp optional org-mode_9.6.23+dfsg-1.debian.tar.xz c78f852d3e0922b266511dcda479279b 9391 lisp optional org-mode_9.6.23+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4qYmHjkArtfNxmcIWogwR199EGEFAmYB13gACgkQWogwR199 EGEofhAAjNyo7FndIVh6rhkGbdy1UOUtQcob4XKkapXWuN+ZBtMxhPqauLxJ80We hbmfvfdS9fDOir93DASxtp09pTz2UDypjwRzaKPx11p0b5eVl6E2JDScuPbA6OB/ Fkavj7MUxi1XgpRQEao92+rAIEOPYp958M8kwBEUnUEn5pfOG5HunmAf32kRtmKI L35EcQMwnFsMsMjR2EThIxImZy8U/1du6mZC8f0zc3XITYHMiaCe5fZlTWn9aGNF YM+9txdKiEJhi0S6rhhZ7bqiXebDWlyr2XsQem8bded7l2bwPjBpizRHbJvKHj3T Oj0Y4BulD47NyXOtLg1/4YSil8njmj5zoq7w+oI97EEPLVUmw2T5Ts+A7kMWGlwX 0JMRXxzeTwUaRdDxMrLsEraxVHGgGaj3TtX2foa1SEQ5yi9DUfctk2a247XlKlGG MGmwMHBFUVOjP0HnELjw5gOrtn0B14vH9oyKwKNq67ZpiSXNZoZHI3AomwRbtGkh sYyL4w+J5Ffk77/UxIt6VI9ICi04gF5hhKh1UgHzbO/fT6/sfw2DL47CmPW7+REF xM/B0OlZL6hpLW/z5jPDEzlWavrfYfCcx6ijZN1O0r7Kv9wnH2H1DTKy/nei8cJL 1tDq7QZnYESR8MyjDRZeoBGod6EVNaaBGUW0dGTLqArecxZzpN0= =+6jr -----END PGP SIGNATURE-----Attachment: pgpivSP0h3iI9.pgp
Description: PGP signature
--- End Message ---