Bug#1067663: org-mode: Org mode 9.6.23 that fixes several critical

[Nicholas D Steeves]

fixed 1067663 org-mode/9.5.2+dfsh-5
found 1067663 org-mode/9.6.7+dfsg-1
thanks

9.5.2+dfsh-5 in stable/bookworm is an empty package that depends on the
org-mode bundled with stable/bookworm's Emacs, so I'm marking this CVE
as fixed there.  Elpa-org in stable/bookworm will be fixed by a security
upload of Emacs.

I'm skipping 9.6.6+dfsg-1~exp1, since it's not relevant anymore.

Bug#1067663: org-mode: Org mode 9.6.23 that fixes several critical

[Nicholas D Steeves]

reopen 1067663
found org-mode/9.1.14+dfsg-3
found org-mode/9.1.14+dfsg-3+deb10u1
found org-mode/9.4.0+dfsg-1+deb11u1
found org-mode/9.5.2+dfsh-5
thanks

Updating the affected versions from:

  https://security-tracker.debian.org/tracker/CVE-2024-30202

and

  https://security-tracker.debian.org/tracker/CVE-2024-30205

Bug#1067663: org-mode: Org mode 9.6.23 that fixes several critical

[David Bremner]

Package: org-mode
Version: 9.6.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: debian-emac...@lists.debian.org, Debian Security Team 


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

In https://list.orgmode.org/87o7b3eczr@bzg.fr/T/#t, Ihor Radchenko writes


I just released Org mode 9.6.23 that fixes several critical
vulnerabilities. The release is coordinated with emergency Emacs 29.3
release
(https://lists.gnu.org/archive/html/info-gnu/2024-03/msg5.html).

Please upgrade your Org mode *and* Emacs ASAP.

The vulnerabilities involve arbitrary Elisp and LaTeX evaluation when
previewing attachments in Emacs or when opening third-party Org files.


- -- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages org-mode depends on:
ii  elpa-org  9.6.10+dfsg-1

org-mode recommends no packages.

org-mode suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYBSjMACgkQA0U5G1Wq
FSHjuA/+PbZdJex2gariys1U8zA9ExAUW0TKE2Pt/k/bngZt9+B7JGm1bNqSMkBm
mPN+6uIEZdmmasNCqHzNwlxPyezWnL1ik4n3lfz1fkXMSf7YWExcL/rnBvsc6aqi
yzTB0IPP2+1Jx0BV3ysiX62eRlLXiv3NlJQuKHyOwVCjOUDJUdN25YgZQ7b4Q2/S
4lC6O1wkmJqyV/PopvHIeFTo76l8Cg612ZGFrdniXkWB4zUSl2MdfsduimFO4xfp
/izY1u7nCT+bdsKT6OdvKqV5bStEukiklo/A2V9KTWrAQ2xeNwgE0gtP6MYzVfZ+
f7of4+SCqt0dZMwLiuZse+XA82nPnDqSdiT5A5EGRQ8am5BQ9d0weOoaQMho3vym
bUQO0rdU0MCrZR3MxCH4YPKm1ge1wPS7zLL48/+6PFhlHHkmQ1t98EzCbJ+gEgJW
Qm/wnT0ctJRmp2uqGDpRLeI0t+YU/kyfaaHS/rB7XSkQN6vBmJKnClGmgFnhVphR
hrQVVpJjD0SeZSv9uOUI17HfPz9v3pIKLCMs4R2+WTddxf6bdXytFmlOWBlcvEpE
0ocIW00D68jDWx0Bq1PItEJ11V9GbcqrigtBHfEocYVnL4hB3x5lkaGkMF5P2gOn
4OL3eC+UqJoEpr53PiD5fdbo7WkeI3NCdDBqb/GDn9Kj4HQyZqY=
=aTCW
-END PGP SIGNATURE-