Your message dated Tue, 14 Mar 2023 21:19:49 +0000
with message-id <[email protected]>
and subject line Bug#1032538: fixed in emacs 1:28.2+1-13
has caused the Debian Bug report #1032538,
regarding emacs: CVE-2023-27985 CVE-2023-27986
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1032538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032538
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: emacs
Version: 1:28.2+1-11
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi

No CVEs are yet assigned for the following two issues:

| emacsclient-mail.desktop is vulnerable to shell command
| injections and Emacs Lisp injections through a crafted
| mailto: URI.

See: https://www.openwall.com/lists/oss-security/2023/03/08/2

Fixes:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467
http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc

Those do not affect older versions in bullseye. Making it RC for
bookworm and have a fix included before bookworm release.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:28.2+1-13
Done: Sean Whitton <[email protected]>

We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton <[email protected]> (supplier of updated emacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 14 Mar 2023 13:30:28 -0700
Source: emacs
Architecture: source
Version: 1:28.2+1-13
Distribution: unstable
Urgency: high
Maintainer: Rob Browning <[email protected]>
Changed-By: Sean Whitton <[email protected]>
Closes: 1032538
Changes:
 emacs (1:28.2+1-13) unstable; urgency=high
 .
   * Cherry-pick upstream fixes for command injection vulnerabilities
     (CVE-2023-27984, CVE-2023-27986) (Closes: #1032538).
Checksums-Sha1:
 5e06d903df52126f12a4f1ab6be9913c016c986b 2995 emacs_28.2+1-13.dsc
 4ff4c5e1a63a0d5ef1a1a612d7d70e5ff70fa53c 121140 emacs_28.2+1-13.debian.tar.xz
Checksums-Sha256:
 6eed0c850fb9f463ac5249a69da0547b0ac98503d98d4b89ea5c5106dedc1ebc 2995 
emacs_28.2+1-13.dsc
 b2a878c66b62b8601d2c7c1c7e8fb8c285fc0efc7723442e45a12ffd8df1da46 121140 
emacs_28.2+1-13.debian.tar.xz
Files:
 b11a8af4743b211e9e6e59c7a3ad1930 2995 editors optional emacs_28.2+1-13.dsc
 8cc46222e6d95a09efc3a9af54ed07d1 121140 editors optional 
emacs_28.2+1-13.debian.tar.xz


--- End Message ---
