Your message dated Mon, 27 May 2024 14:32:34 +0000 with message-id <E1sBbOs-00697V-80@fasolo.debian.org> and subject line Bug#1067663: fixed in org-mode 9.4.0+dfsg-1+deb11u2 has caused the Debian Bug report #1067663, regarding org-mode: CVE-2024-30202 CVE-2024-30205 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1067663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067663 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: org-mode: Org mode 9.6.23 that fixes several critical
- From: David Bremner <bremner@debian.org>
- Date: Mon, 25 Mar 2024 06:56:04 -0300
- Message-id: <171136056437.2419516.7226051653452941213.reportbug@minkowski>
Package: org-mode Version: 9.6.10+dfsg-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: debian-emacsen@lists.debian.org, Debian Security Team <team@security.debian.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 In https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t, Ihor Radchenko writes I just released Org mode 9.6.23 that fixes several critical vulnerabilities. The release is coordinated with emergency Emacs 29.3 release (https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html). Please upgrade your Org mode *and* Emacs ASAP. The vulnerabilities involve arbitrary Elisp and LaTeX evaluation when previewing attachments in Emacs or when opening third-party Org files. - -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: arm64 Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages org-mode depends on: ii elpa-org 9.6.10+dfsg-1 org-mode recommends no packages. org-mode suggests no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYBSjMACgkQA0U5G1Wq FSHjuA/+PbZdJex2gariys1U8zA9ExAUW0TKE2Pt/k/bngZt9+B7JGm1bNqSMkBm mPN+6uIEZdmmasNCqHzNwlxPyezWnL1ik4n3lfz1fkXMSf7YWExcL/rnBvsc6aqi yzTB0IPP2+1Jx0BV3ysiX62eRlLXiv3NlJQuKHyOwVCjOUDJUdN25YgZQ7b4Q2/S 4lC6O1wkmJqyV/PopvHIeFTo76l8Cg612ZGFrdniXkWB4zUSl2MdfsduimFO4xfp /izY1u7nCT+bdsKT6OdvKqV5bStEukiklo/A2V9KTWrAQ2xeNwgE0gtP6MYzVfZ+ f7of4+SCqt0dZMwLiuZse+XA82nPnDqSdiT5A5EGRQ8am5BQ9d0weOoaQMho3vym bUQO0rdU0MCrZR3MxCH4YPKm1ge1wPS7zLL48/+6PFhlHHkmQ1t98EzCbJ+gEgJW Qm/wnT0ctJRmp2uqGDpRLeI0t+YU/kyfaaHS/rB7XSkQN6vBmJKnClGmgFnhVphR hrQVVpJjD0SeZSv9uOUI17HfPz9v3pIKLCMs4R2+WTddxf6bdXytFmlOWBlcvEpE 0ocIW00D68jDWx0Bq1PItEJ11V9GbcqrigtBHfEocYVnL4hB3x5lkaGkMF5P2gOn 4OL3eC+UqJoEpr53PiD5fdbo7WkeI3NCdDBqb/GDn9Kj4HQyZqY= =aTCW -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
- To: 1067663-close@bugs.debian.org
- Subject: Bug#1067663: fixed in org-mode 9.4.0+dfsg-1+deb11u2
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 27 May 2024 14:32:34 +0000
- Message-id: <E1sBbOs-00697V-80@fasolo.debian.org>
- Reply-to: Sean Whitton <spwhitton@spwhitton.name>
Source: org-mode Source-Version: 9.4.0+dfsg-1+deb11u2 Done: Sean Whitton <spwhitton@spwhitton.name> We believe that the bug you reported is fixed in the latest version of org-mode, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067663@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sean Whitton <spwhitton@spwhitton.name> (supplier of updated org-mode package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 09:08:33 +0100 Source: org-mode Architecture: source Version: 9.4.0+dfsg-1+deb11u2 Distribution: bullseye Urgency: high Maintainer: Debian Emacsen team <debian-emacsen@lists.debian.org> Changed-By: Sean Whitton <spwhitton@spwhitton.name> Closes: 1067663 Changes: org-mode (9.4.0+dfsg-1+deb11u2) bullseye; urgency=high . * Team upload. * Fix CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067663). - Require Emacs 1:27.1+1-3.1+deb11u3 to ensure we get the whole fix. Checksums-Sha1: 9f86453ec1e751776f58412909973809468b51d5 2135 org-mode_9.4.0+dfsg-1+deb11u2.dsc 101b1454f5b15378a2650d9ea1c3ea934b7553f1 16148 org-mode_9.4.0+dfsg-1+deb11u2.debian.tar.xz Checksums-Sha256: 1fc47ddbae681fe21dac3728c493a0d11c611ae0ca0d7b67548f9813b8eb5848 2135 org-mode_9.4.0+dfsg-1+deb11u2.dsc 5181b3a3b412d5b5de9b3f502a54d0f9410613559399c7b5a79244e25e4e79e6 16148 org-mode_9.4.0+dfsg-1+deb11u2.debian.tar.xz Files: acb4bf7a9c2e1ee29570848933deae56 2135 lisp optional org-mode_9.4.0+dfsg-1+deb11u2.dsc babfd58f7fd2b14fe48e99ad9d93faac 16148 lisp optional org-mode_9.4.0+dfsg-1+deb11u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmYwqHIACgkQaVt65L8G YkCg7RAAs+D7mPajApISrDm+aHwFS5CtKh93kYcbi3tNX9pMrBIbXdSVfXCanlfn ks50fTz4/cFN35FbJFy02/OIC6jQ6e6luQOLP6N0upYmtkDAbLOmupYwRdHZVunf OWvs8nvO8kmhemy0BwCAVO4ao1nLybEAGjtgrMrqwaC1bc0enSz4kqoRy7w2iRVC CNSPp54KYhGAgZVaQJ30tCHCgzXs5bT02zxTUMWgR8GeH11cTeR0BENqIhXriWpm 2sVWIGSRMJEu2dLjvwUZUOeby1WjA+vKvxQ2Vid63Ql5TlCQXX31ObBsr9fV8dUB 1Bhf35o5YTtD7tzvNfGsR1yF2/rmTIgxpslcB2U/2FMM15Tqvky+c49Zq60Wm56g gF6WtVEtLgpOMtxIbVdE/jeSCPfja1F6uYlVG1lM1bnox/kEzUCVORicf6naCF6R D74MhfSbS1zSmheDma5Twycp0h1ckKZ/4WKlhOYYelOTDm0S1DngA/NB93SIKSJK q8FkdJPAIT0bO59tVwxtRk5c18b4IdvksY8pbi51pS44Rh+Fkv/mL1BGggerY8RF vZW1MaJOKSRzw9Ilt/PM/T0diLou2+7dii02G17ZWNew0+QNy14rfvTz1aH6Xgkt h+BaLbrrFVwjMoW0nORGoFeHNoeAIjMIdi8+DkOaVNvg59oT2Js= =eed4 -----END PGP SIGNATURE-----Attachment: pgp2mrDbULPRg.pgp
Description: PGP signature
--- End Message ---