[SECURITY] [DLA 3616-1] org-mode security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3616-1] org-mode security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 12 Oct 2023 12:09:58 +0100
Message-id: <[🔎] 169710036750.521951.6345287277272865566@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3616-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 12, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : org-mode
Version        : 9.1.14+dfsg-3+deb10u1
CVE ID         : CVE-2023-28617
Debian Bug     : 1033341

It was discovered that there was a potential code injection
vulnerability in org-mode, a popular add-on for the Emacs text
editor.

Attackers could have executed arbitrary shell commands via a filename
(or directory name) that contained shell metacharacters. 

For Debian 10 buster, this problem has been fixed in version
9.1.14+dfsg-3+deb10u1.

We recommend that you upgrade your org-mode packages.

For the detailed security status of org-mode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/org-mode

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmUnsk0ACgkQHpU+J9Qx
HlhI4w/9EdU/fiZ16JRT9eqCMGMkWAxzZqiUvCcOalG2RZZcRLi+Pe49yswDWdlr
khdUbR9ksr3OIUQWGftiWpEiOCTu6rEZ/7jHRSzAZ61l6nutce4VDTWYPMWB4aTW
GzWoMd3P2/GroDGfDojRtaDEtsr80UpGQ84DbYXSRSTVJUrz5x9gr1+q8CDIght5
BU8iKJn+d9tzJYRiAQOdX2Iniz2LS/mTQtyYuRODkmVkGFgpnNCN5p2jnbCPk2+S
cmNRytIKgboS1LD8K7cL3yXtahqV1qYXsIIqY5ggPxivPwW7P7ubf10WidhX34Rr
B1zpXk3jTlZI2opl1nU9izZkBGBHBXnUhj5uEkgiBTlEjNoWA79PtByoQ8bd6G6K
OHihAg9nbxmPSfJyJN9uy2tr8a1Dq8jgAzWan81eSYxhAIJm6uhCVg/peMx9MY9c
1zVPqnxoK1sxBdpcDKCdEe3j4M624VI48ruRSLciFarADxnsVCeLMgH4nHnmmYYI
zIAzlAPpqs6fvV52nDeNFhBurk5576mactPs6DyqZEE0TiYRrHSsT03kX+doQfMw
Ai0RfRZtXJMSvU2dgdOktVByFNdCFub9Njj5cFy0amr8NcqlTfLgS7nIg+X9eNfS
SVegiGCK02XAZpetkreuOD1rDOMW7iRHQKbydvOKx0Dy+tPBXHI=
=tWW9
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3615-1] libcue security update
Next by Date: [SECURITY] [DLA 3617-1] tomcat9 security update
Previous by thread: [SECURITY] [DLA 3615-1] libcue security update
Next by thread: [SECURITY] [DLA 3617-1] tomcat9 security update
Index(es):
- Date
- Thread