Re: [DSA 3970-1] emacs24 security update
Hi!
On Wed, Sep 13, 2017 at 09:10:52AM +0200, Bjørn Mork wrote:
> Moritz Muehlenhoff <jmm@debian.org> writes:
>
> > Package : emacs24
> > CVE ID : not yet available
> >
> > Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code
> > execution when rendering text/enriched MIME data (e.g. when using
> > Emacs-based mail clients).
> >
> > For the oldstable distribution (jessie), this problem has been fixed
> > in version 24.4+1-5+deb8u1.
> >
> > For the stable distribution (stretch), this problem has been fixed in
> > version 24.5+1-11+deb9u1.
>
> What about emacs25 in stretch? AFAICS, it is still vulnerable.
>
> https://bugs.debian.org/875447 was closed with the upload of 25.2+1-6 to
> unstable, but this bug was opened against 25.1+1-4 which still is the
> current version in stretch. And needs fixing ASAP...
Yes the same update is planned and will go out shortly.
Regards,
Salvatore
Reply to: