Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d162b48 by Salvatore Bonaccorso at 2024-06-25T21:38:19+02:00
Merge changes for org-mode and emacs which will be included in next DSA
implicitly
But already pending for the upcoming point releases and accepted in
their versions. So track this actual version which is known for the
archive.
- - - - -
3 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -31751,11 +31751,11 @@ CVE-2023-47430 (Stack-buffer-overflow vulnerability
in ReadyMedia (MiniDLNA) v1.
CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote
files to b ...)
{DLA-3802-1 DLA-3801-1}
- emacs 1:29.3+1-1 (bug #1067630)
- [bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point
release)
- [bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point
release)
+ [bookworm] - emacs 1:28.2+1-15+deb12u1
+ [bullseye] - emacs 1:27.1+1-3.1+deb11u3
- org-mode 9.6.23+dfsg-1 (bug #1067663)
[bookworm] - org-mode <ignored> (Produces only a dependency binary
package)
- [bullseye] - org-mode <no-dsa> (Minor issue; can be fixed via point
release)
+ [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
NOTE:
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877
(emacs-29.3)
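Review bot: The CVE-2024-30205 entry loses its only in-file record of how the fix reaches bookworm and bullseye once the two `<no-dsa> (Minor issue, will be fixed via point release)` lines are replaced by bare versions. The commit message says the versions are pending for the point releases and will be covered by the next DSA implicitly, but that rationale lives only in the log. Consider a short NOTE on the entry stating that `1:28.2+1-15+deb12u1` and `1:27.1+1-3.1+deb11u3` come from the pending point-release uploads. The same applies to the identical replacement under CVE-2024-30204 and CVE-2024-30203. The untouched `[bookworm] - org-mode <ignored>` line next to a versioned bullseye org-mode entry looks intentional given its stated reason.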
@@ -31764,11 +31764,11 @@ CVE-2024-30205 (In Emacs before 29.3, Org mode
considers contents of remote file
CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for
e-mail a ...)
{DLA-3802-1 DLA-3801-1}
- emacs 1:29.3+1-1 (bug #1067630)
- [bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point
release)
- [bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point
release)
+ [bookworm] - emacs 1:28.2+1-15+deb12u1
+ [bullseye] - emacs 1:27.1+1-3.1+deb11u3
- org-mode 9.6.23+dfsg-1 (bug #1067663)
[bookworm] - org-mode <ignored> (Produces only a dependency binary
package)
- [bullseye] - org-mode <no-dsa> (Minor issue; can be fixed via point
release)
+ [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
NOTE:
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c
(emacs-29.3)
@@ -31777,17 +31777,17 @@ CVE-2024-30204 (In Emacs before 29.3, LaTeX preview
is enabled by default for e-
CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as
trusted.)
{DLA-3802-1 DLA-3801-1}
- emacs 1:29.3+1-1 (bug #1067630)
- [bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point
release)
- [bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point
release)
+ [bookworm] - emacs 1:28.2+1-15+deb12u1
+ [bullseye] - emacs 1:27.1+1-3.1+deb11u3
- org-mode 9.6.23+dfsg-1 (bug #1067663)
[bookworm] - org-mode <ignored> (Produces only a dependency binary
package)
- [bullseye] - org-mode <no-dsa> (Minor issue; can be fixed via point
release)
+ [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
NOTE:
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804
(emacs-29.3)
CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code is evaluated as part
of turn ...)
- emacs 1:29.3+1-1 (bug #1067630)
- [bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point
release)
+ [bookworm] - emacs 1:28.2+1-15+deb12u1
[bullseye] - emacs <not-affected> (Vulnerable code not present)
[buster] - emacs <not-affected> (Vulnerable code not present)
- org-mode 9.6.23+dfsg-1 (bug #1067663)
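Review bot: Under CVE-2024-30202 only the bookworm emacs line is updated, and the hunk ends on `- org-mode 9.6.23+dfsg-1 (bug #1067663)`, so any suite-specific org-mode sub-entries for this CVE fall outside the visible context. Since bullseye emacs is `<not-affected>` here and CVE-2024-30202 does not appear among the entries removed from data/next-oldstable-point-update.txt, please confirm that no bullseye org-mode `<no-dsa>` line remains below this point that should have been handled in the same pass as CVE-2024-30203 through CVE-2024-30205.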
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -87,15 +87,6 @@ CVE-2024-2398
[bullseye] - curl 7.74.0-1.3+deb11u12
CVE-2024-24814
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4
-CVE-2024-30203
- [bullseye] - emacs 1:27.1+1-3.1+deb11u3
- [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
-CVE-2024-30204
- [bullseye] - emacs 1:27.1+1-3.1+deb11u3
- [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
-CVE-2024-30205
- [bullseye] - emacs 1:27.1+1-3.1+deb11u3
- [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
CVE-2023-52723
[bullseye] - libkf5ksieve 4:20.08.3-1+deb11u1
CVE-2024-25580
=====================================
data/next-point-update.txt
=====================================
@@ -76,14 +76,6 @@ CVE-2023-1370
[bookworm] - json-smart 2.2-2+deb12u1
CVE-2024-24814:
[bookworm] - libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1
-CVE-2024-30202
- [bookworm] - emacs 1:28.2+1-15+deb12u1
-CVE-2024-30203
- [bookworm] - emacs 1:28.2+1-15+deb12u1
-CVE-2024-30204
- [bookworm] - emacs 1:28.2+1-15+deb12u1
-CVE-2024-30205
- [bookworm] - emacs 1:28.2+1-15+deb12u1
CVE-2023-52723
[bookworm] - libkf5ksieve 4:22.12.3-1+deb12u1
CVE-2023-52160
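Review bot: The context line `CVE-2024-24814:` just above the removed block has a trailing colon, unlike the other CVE headers in this hunk and unlike the same CVE in data/next-oldstable-point-update.txt. This commit does not introduce it, but while the file is being edited it is worth dropping the colon so that anything matching on the bare CVE id treats the entry like its neighbours. The removal itself is consistent with data/CVE/list: four bookworm emacs lines go away here and four `[bookworm] - emacs 1:28.2+1-15+deb12u1` lines are added there, with no bookworm org-mode entries expected because that package is `<ignored>`.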
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d162b48a56c928ee431429533c1dc610618951b