
Re: [DSA 3970-1] emacs24 security update



Hi!

On Wed, Sep 13, 2017 at 09:10:52AM +0200, Bjørn Mork wrote:
> Moritz Muehlenhoff <jmm@debian.org> writes:
> 
> > Package        : emacs24
> > CVE ID         : not yet available
> >
> > Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code
> > execution when rendering text/enriched MIME data (e.g. when using
> > Emacs-based mail clients).
> >
> > For the oldstable distribution (jessie), this problem has been fixed
> > in version 24.4+1-5+deb8u1.
> >
> > For the stable distribution (stretch), this problem has been fixed in
> > version 24.5+1-11+deb9u1.
> 
> What about emacs25 in stretch?  AFAICS, it is still vulnerable.
> 
> https://bugs.debian.org/875447 was closed with the upload of 25.2+1-6 to
> unstable, but this bug was opened against 25.1+1-4 which still is the
> current version in stretch.  And needs fixing ASAP...

Yes, the same update is planned and will go out shortly.

Regards,
Salvatore

