[Git][security-tracker-team/security-tracker][master] Reserve DLA-4069-1 for emacs

Thu Feb 27 03:49:42 GMT 2025


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d987d18e by Sean Whitton at 2025-02-27T11:49:20+08:00
Reserve DLA-4069-1 for emacs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -27267,7 +27267,6 @@ CVE-2024-11738 (A flaw was found in Rustls 0.23.13 and related APIs. This vulner
 CVE-2024-53920 (In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to i ...)
 	- emacs 1:30.1+1-1 (bug #1088690)
 	[bookworm] - emacs <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - emacs <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
 	NOTE: https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/
 CVE-2024-53855 (Centurion ERP (Enterprise Rescource Planning) is a simple application  ...)
@@ -163185,7 +163184,6 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1
 	- org-mode 9.5.2+dfsh-5 (bug #1033341)
 	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u1
 	- emacs 1:28.2+1-14 (bug #1033342)
-	[bullseye] - emacs <no-dsa> (Minor issue)
 	NOTE: https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e
 	NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 (release_9.6.2)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 (release_9.6.2)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Feb 2025] DLA-4069-1 emacs - security update
+	{CVE-2023-28617 CVE-2024-53920 CVE-2025-1244}
+	[bullseye] - emacs 1:27.1+1-3.1+deb11u6
 [25 Feb 2025] DLA-4068-1 php-nesbot-carbon - security update
 	{CVE-2025-22145}
 	[bullseye] - php-nesbot-carbon 2.32.2-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -63,9 +63,6 @@ edk2
   NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older postponed vulnerabilities (Beuc/front-desk)
   NOTE: 20241105: maintainer proposed opu debdiff for CVE-2024-38796 and CVE-2024-1298, https://bugs.debian.org/1086762 (santiago)
 --
-emacs (Sean Whitton)
-  NOTE: 20250225: Added by Front-Desk (ta)
---
 espeak-ng
   NOTE: 20240816: Added by Front-Desk (Beuc)
   NOTE: 20240816: Follow fixes from bookworm 12.5 (5 CVEs) (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d987d18e73bbe9473d7fbbd74f5dc5531e4a1bd3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d987d18e73bbe9473d7fbbd74f5dc5531e4a1bd3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250227/d1cea65f/attachment-0001.htm>
