Re: [DSA 3970-1] emacs24 security update

To: Bjørn Mork <bjorn@mork.no>
Cc: debian-security@lists.debian.org
Subject: Re: [DSA 3970-1] emacs24 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 13 Sep 2017 09:52:28 +0200
Message-id: <[🔎] 20170913075228.mic4r4e7lycflw52@lorien.valinor.li>
Mail-followup-to: Bjørn Mork <bjorn@mork.no>, debian-security@lists.debian.org
In-reply-to: <[🔎] 87mv5zjcoz.fsf@miraculix.mork.no>
References: <20170912210825.2ciqc3bdnvwn7qph@pisco.westfalen.local> <[🔎] 87mv5zjcoz.fsf@miraculix.mork.no>

Hi!

On Wed, Sep 13, 2017 at 09:10:52AM +0200, Bjørn Mork wrote:
> Moritz Muehlenhoff <jmm@debian.org> writes:
> 
> > Package        : emacs24
> > CVE ID         : not yet available
> >
> > Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code
> > execution when rendering text/enriched MIME data (e.g. when using
> > Emacs-based mail clients).
> >
> > For the oldstable distribution (jessie), this problem has been fixed
> > in version 24.4+1-5+deb8u1.
> >
> > For the stable distribution (stretch), this problem has been fixed in
> > version 24.5+1-11+deb9u1.
> 
> What about emacs25 in stretch?  AFAICS, it is still vulnerable.
> 
> https://bugs.debian.org/875447 was closed with the upload of 25.2+1-6 to
> unstable, but this bug was opened against 25.1+1-4 which still is the
> current version in stretch.  And needs fixing ASAP...

Yes the same update is planned and will go out shortly.

Regards,
Salvatore

Reply to:

References:
- Re: [DSA 3970-1] emacs24 security update
  - From: Bjørn Mork <bjorn@mork.no>

Prev by Date: Re: [DSA 3970-1] emacs24 security update
Next by Date: Availability of blueborne kernel fix ?
Previous by thread: Re: [DSA 3970-1] emacs24 security update
Next by thread: Availability of blueborne kernel fix ?
Index(es):
- Date
- Thread