Your message dated Fri, 21 Apr 2023 03:19:39 +0000
with message-id <[email protected]>
and subject line Bug#1033342: fixed in emacs 1:28.2+1-14
has caused the Debian Bug report #1033342,
regarding emacs: CVE-2023-28617
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1033342: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033342
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: org-mode
Version: 9.5.2+dfsh-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:emacs 1:28.2+1-13
Control: retitle -2 emacs: CVE-2023-28617

Hi,

The following vulnerability was published for org-mode (and emacs,
will close this bug).

CVE-2023-28617[0]:
| org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for
| GNU Emacs allows attackers to execute arbitrary commands via a file
| name or directory name that contains shell metacharacters.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28617
    https://www.cve.org/CVERecord?id=CVE-2023-28617

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:28.2+1-14
Done: Rob Browning <[email protected]>

We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning <[email protected]> (supplier of updated emacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 01 Apr 2023 22:38:56 -0500
Source: emacs
Architecture: source
Version: 1:28.2+1-14
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning <[email protected]>
Changed-By: Rob Browning <[email protected]>
Closes: 1033342 1033397
Changes:
 emacs (1:28.2+1-14) unstable; urgency=medium
 .
   * Fix gnus nnml crash on some invalid headers.  Add
     0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch to
     address the issue. (Closes: 1033397)
 .
   * Fix Org Mode command injection vulnerability CVE-2023-28617.  Add
     0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch and
     0028-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-2-2.patch to
     address the issue. (Closes: 1033342)


--- End Message ---
