Bug#1067663: marked as done (org-mode: CVE-2024-30202 CVE-2024-30205)

To: Sean Whitton <spwhitton@spwhitton.name>
Subject: Bug#1067663: marked as done (org-mode: CVE-2024-30202 CVE-2024-30205)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Mon, 27 May 2024 14:36:03 +0000
Message-id: <[🔎] handler.1067663.D1067663.17168203581885748.ackdone@bugs.debian.org>
Reply-to: 1067663@bugs.debian.org
References: <E1sBbOs-00697V-80@fasolo.debian.org> <171136056437.2419516.7226051653452941213.reportbug@minkowski>

Your message dated Mon, 27 May 2024 14:32:34 +0000
with message-id <E1sBbOs-00697V-80@fasolo.debian.org>
and subject line Bug#1067663: fixed in org-mode 9.4.0+dfsg-1+deb11u2
has caused the Debian Bug report #1067663,
regarding org-mode: CVE-2024-30202 CVE-2024-30205
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1067663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067663
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: org-mode: Org mode 9.6.23 that fixes several critical
From: David Bremner <bremner@debian.org>
Date: Mon, 25 Mar 2024 06:56:04 -0300
Message-id: <171136056437.2419516.7226051653452941213.reportbug@minkowski>

Package: org-mode
Version: 9.6.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: debian-emacsen@lists.debian.org, Debian Security Team <team@security.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

In https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t, Ihor Radchenko writes


    I just released Org mode 9.6.23 that fixes several critical
    vulnerabilities. The release is coordinated with emergency Emacs 29.3
    release
    (https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html).

    Please upgrade your Org mode *and* Emacs ASAP.

    The vulnerabilities involve arbitrary Elisp and LaTeX evaluation when
    previewing attachments in Emacs or when opening third-party Org files.


- -- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages org-mode depends on:
ii  elpa-org  9.6.10+dfsg-1

org-mode recommends no packages.

org-mode suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYBSjMACgkQA0U5G1Wq
FSHjuA/+PbZdJex2gariys1U8zA9ExAUW0TKE2Pt/k/bngZt9+B7JGm1bNqSMkBm
mPN+6uIEZdmmasNCqHzNwlxPyezWnL1ik4n3lfz1fkXMSf7YWExcL/rnBvsc6aqi
yzTB0IPP2+1Jx0BV3ysiX62eRlLXiv3NlJQuKHyOwVCjOUDJUdN25YgZQ7b4Q2/S
4lC6O1wkmJqyV/PopvHIeFTo76l8Cg612ZGFrdniXkWB4zUSl2MdfsduimFO4xfp
/izY1u7nCT+bdsKT6OdvKqV5bStEukiklo/A2V9KTWrAQ2xeNwgE0gtP6MYzVfZ+
f7of4+SCqt0dZMwLiuZse+XA82nPnDqSdiT5A5EGRQ8am5BQ9d0weOoaQMho3vym
bUQO0rdU0MCrZR3MxCH4YPKm1ge1wPS7zLL48/+6PFhlHHkmQ1t98EzCbJ+gEgJW
Qm/wnT0ctJRmp2uqGDpRLeI0t+YU/kyfaaHS/rB7XSkQN6vBmJKnClGmgFnhVphR
hrQVVpJjD0SeZSv9uOUI17HfPz9v3pIKLCMs4R2+WTddxf6bdXytFmlOWBlcvEpE
0ocIW00D68jDWx0Bq1PItEJ11V9GbcqrigtBHfEocYVnL4hB3x5lkaGkMF5P2gOn
4OL3eC+UqJoEpr53PiD5fdbo7WkeI3NCdDBqb/GDn9Kj4HQyZqY=
=aTCW
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

To: 1067663-close@bugs.debian.org
Subject: Bug#1067663: fixed in org-mode 9.4.0+dfsg-1+deb11u2
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 27 May 2024 14:32:34 +0000
Message-id: <E1sBbOs-00697V-80@fasolo.debian.org>
Reply-to: Sean Whitton <spwhitton@spwhitton.name>

Source: org-mode
Source-Version: 9.4.0+dfsg-1+deb11u2
Done: Sean Whitton <spwhitton@spwhitton.name>

We believe that the bug you reported is fixed in the latest version of
org-mode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067663@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton <spwhitton@spwhitton.name> (supplier of updated org-mode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Apr 2024 09:08:33 +0100
Source: org-mode
Architecture: source
Version: 9.4.0+dfsg-1+deb11u2
Distribution: bullseye
Urgency: high
Maintainer: Debian Emacsen team <debian-emacsen@lists.debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Closes: 1067663
Changes:
 org-mode (9.4.0+dfsg-1+deb11u2) bullseye; urgency=high
 .
   * Team upload.
   * Fix CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067663).
     - Require Emacs 1:27.1+1-3.1+deb11u3 to ensure we get the whole fix.
Checksums-Sha1:
 9f86453ec1e751776f58412909973809468b51d5 2135 org-mode_9.4.0+dfsg-1+deb11u2.dsc
 101b1454f5b15378a2650d9ea1c3ea934b7553f1 16148 org-mode_9.4.0+dfsg-1+deb11u2.debian.tar.xz
Checksums-Sha256:
 1fc47ddbae681fe21dac3728c493a0d11c611ae0ca0d7b67548f9813b8eb5848 2135 org-mode_9.4.0+dfsg-1+deb11u2.dsc
 5181b3a3b412d5b5de9b3f502a54d0f9410613559399c7b5a79244e25e4e79e6 16148 org-mode_9.4.0+dfsg-1+deb11u2.debian.tar.xz
Files:
 acb4bf7a9c2e1ee29570848933deae56 2135 lisp optional org-mode_9.4.0+dfsg-1+deb11u2.dsc
 babfd58f7fd2b14fe48e99ad9d93faac 16148 lisp optional org-mode_9.4.0+dfsg-1+deb11u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmYwqHIACgkQaVt65L8G
YkCg7RAAs+D7mPajApISrDm+aHwFS5CtKh93kYcbi3tNX9pMrBIbXdSVfXCanlfn
ks50fTz4/cFN35FbJFy02/OIC6jQ6e6luQOLP6N0upYmtkDAbLOmupYwRdHZVunf
OWvs8nvO8kmhemy0BwCAVO4ao1nLybEAGjtgrMrqwaC1bc0enSz4kqoRy7w2iRVC
CNSPp54KYhGAgZVaQJ30tCHCgzXs5bT02zxTUMWgR8GeH11cTeR0BENqIhXriWpm
2sVWIGSRMJEu2dLjvwUZUOeby1WjA+vKvxQ2Vid63Ql5TlCQXX31ObBsr9fV8dUB
1Bhf35o5YTtD7tzvNfGsR1yF2/rmTIgxpslcB2U/2FMM15Tqvky+c49Zq60Wm56g
gF6WtVEtLgpOMtxIbVdE/jeSCPfja1F6uYlVG1lM1bnox/kEzUCVORicf6naCF6R
D74MhfSbS1zSmheDma5Twycp0h1ckKZ/4WKlhOYYelOTDm0S1DngA/NB93SIKSJK
q8FkdJPAIT0bO59tVwxtRk5c18b4IdvksY8pbi51pS44Rh+Fkv/mL1BGggerY8RF
vZW1MaJOKSRzw9Ilt/PM/T0diLou2+7dii02G17ZWNew0+QNy14rfvTz1aH6Xgkt
h+BaLbrrFVwjMoW0nORGoFeHNoeAIjMIdi8+DkOaVNvg59oT2Js=
=eed4
-----END PGP SIGNATURE-----

Attachment: pgp2mrDbULPRg.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: org-mode_9.4.0+dfsg-1+deb11u2_source.changes ACCEPTED into oldstable-proposed-updates
Next by Date: Bug#1072044: RFS: emacs-libvterm/0.0.2+git20240520.df057b1-1 -- fully-fledged terminal emulator inside GNU Emacs based on libvterm - module
Previous by thread: org-mode_9.4.0+dfsg-1+deb11u2_source.changes ACCEPTED into oldstable-proposed-updates
Next by thread: Bug#1072044: RFS: emacs-libvterm/0.0.2+git20240520.df057b1-1 -- fully-fledged terminal emulator inside GNU Emacs based on libvterm - module
Index(es):
- Date
- Thread