[Git][security-tracker-team/security-tracker][master] Merge changes for org-mode and emacs which will be included in next DSA implicitly

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 25 20:39:29 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d162b48 by Salvatore Bonaccorso at 2024-06-25T21:38:19+02:00
Merge changes for org-mode and emacs which will be included in next DSA implicitly

But already pending for the upcoming point releases and accepted in
their versions. So track this actual version which is known for the
archive.

- - - - -


3 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -31751,11 +31751,11 @@ CVE-2023-47430 (Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.
 CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote files to b ...)
 	{DLA-3802-1 DLA-3801-1}
 	- emacs 1:29.3+1-1 (bug #1067630)
-	[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
-	[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
+	[bookworm] - emacs 1:28.2+1-15+deb12u1
+	[bullseye] - emacs 1:27.1+1-3.1+deb11u3
 	- org-mode 9.6.23+dfsg-1 (bug #1067663)
 	[bookworm] - org-mode <ignored> (Produces only a dependency binary package)
-	[bullseye] - org-mode <no-dsa> (Minor issue; can be fixed via point release)
+	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
 	NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
 	NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877 (emacs-29.3)
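Review bot: The new `[bookworm]` and `[bullseye]` emacs lines and the `[bullseye]` org-mode line under CVE-2024-30205 carry a version only, while the `<no-dsa>` lines they replace held the only in-file record that the fix arrives through a point release. The commit message says these versions are accepted for the upcoming point releases, so consider adding a `NOTE:` line to the entry stating that, so a reader of data/CVE/list alone can tell where the fixed version comes from. The same point applies to the identical changes under CVE-2024-30204 and CVE-2024-30203 in the following hunks.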
@@ -31764,11 +31764,11 @@ CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote file
 CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-mail a ...)
 	{DLA-3802-1 DLA-3801-1}
 	- emacs 1:29.3+1-1 (bug #1067630)
-	[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
-	[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
+	[bookworm] - emacs 1:28.2+1-15+deb12u1
+	[bullseye] - emacs 1:27.1+1-3.1+deb11u3
 	- org-mode 9.6.23+dfsg-1 (bug #1067663)
 	[bookworm] - org-mode <ignored> (Produces only a dependency binary package)
-	[bullseye] - org-mode <no-dsa> (Minor issue; can be fixed via point release)
+	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
 	NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
 	NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c (emacs-29.3)
@@ -31777,17 +31777,17 @@ CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-
 CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as trusted.)
 	{DLA-3802-1 DLA-3801-1}
 	- emacs 1:29.3+1-1 (bug #1067630)
-	[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
-	[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
+	[bookworm] - emacs 1:28.2+1-15+deb12u1
+	[bullseye] - emacs 1:27.1+1-3.1+deb11u3
 	- org-mode 9.6.23+dfsg-1 (bug #1067663)
 	[bookworm] - org-mode <ignored> (Produces only a dependency binary package)
-	[bullseye] - org-mode <no-dsa> (Minor issue; can be fixed via point release)
+	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
 	NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
 	NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804 (emacs-29.3)
 CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turn ...)
 	- emacs 1:29.3+1-1 (bug #1067630)
-	[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
+	[bookworm] - emacs 1:28.2+1-15+deb12u1
 	[bullseye] - emacs <not-affected> (Vulnerable code not present)
 	[buster] - emacs <not-affected> (Vulnerable code not present)
 	- org-mode 9.6.23+dfsg-1 (bug #1067663)
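Review bot: Under CVE-2024-30202 only the `[bookworm]` emacs line changes, and the hunk ends at the unsuffixed `- org-mode 9.6.23+dfsg-1` line, so the suite-specific org-mode lines for this CVE are not visible for review. The three CVEs above each gain `[bullseye] - org-mode 9.4.0+dfsg-1+deb11u2`; please confirm that leaving the org-mode suite lines of CVE-2024-30202 untouched is intended. It would be consistent with the `[bullseye] - emacs <not-affected>` line kept here and with CVE-2024-30202 not appearing among the entries removed from data/next-oldstable-point-update.txt.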


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -87,15 +87,6 @@ CVE-2024-2398
 	[bullseye] - curl 7.74.0-1.3+deb11u12
 CVE-2024-24814
 	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4
-CVE-2024-30203
-	[bullseye] - emacs 1:27.1+1-3.1+deb11u3
-	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
-CVE-2024-30204
-	[bullseye] - emacs 1:27.1+1-3.1+deb11u3
-	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
-CVE-2024-30205
-	[bullseye] - emacs 1:27.1+1-3.1+deb11u3
-	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u2
 CVE-2023-52723
 	[bullseye] - libkf5ksieve 4:20.08.3-1+deb11u1
 CVE-2024-25580


=====================================
data/next-point-update.txt
=====================================
@@ -76,14 +76,6 @@ CVE-2023-1370
 	[bookworm] - json-smart 2.2-2+deb12u1
 CVE-2024-24814:
 	[bookworm] - libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1
-CVE-2024-30202
-	[bookworm] - emacs 1:28.2+1-15+deb12u1
-CVE-2024-30203
-	[bookworm] - emacs 1:28.2+1-15+deb12u1
-CVE-2024-30204
-	[bookworm] - emacs 1:28.2+1-15+deb12u1
-CVE-2024-30205
-	[bookworm] - emacs 1:28.2+1-15+deb12u1
 CVE-2023-52723
 	[bookworm] - libkf5ksieve 4:22.12.3-1+deb12u1
 CVE-2023-52160
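Review bot: The context line `CVE-2024-24814:` directly above the removed block ends in a colon, while the other CVE headers visible in this hunk, and the same CVE's header in data/next-oldstable-point-update.txt, have none. This commit does not introduce it, but since the neighbouring lines are being edited, dropping the colon here would keep the headers uniform. The four removed `[bookworm] - emacs 1:28.2+1-15+deb12u1` lines match the four lines added in data/CVE/list, so no pending entry is lost by the removal.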



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d162b48a56c928ee431429533c1dc610618951b
