[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [DSA 3970-1] emacs24 security update



Moritz Muehlenhoff <jmm@debian.org> writes:

> Package        : emacs24
> CVE ID         : not yet available
>
> Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code
> execution when rendering text/enriched MIME data (e.g. when using
> Emacs-based mail clients).
>
> For the oldstable distribution (jessie), this problem has been fixed
> in version 24.4+1-5+deb8u1.
>
> For the stable distribution (stretch), this problem has been fixed in
> version 24.5+1-11+deb9u1.

What about emacs25 in stretch?  AFAICS, it is still vulnerable.

https://bugs.debian.org/875447 was closed with the upload of 25.2+1-6 to
unstable, but this bug was opened against 25.1+1-4 which still is the
current version in stretch.  And needs fixing ASAP...


Bjørn


Reply to: