• Bug#1067630: emacs: release 29.3 fixes "several security vulnerabilitie

    From David Bremner@21:1/5 to All on Sun Mar 24 21:10:01 2024
    Source: emacs
    Version: 29.2+1-2
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    X-Debbugs-Cc: Debian Security Team <team@security.debian.org>, debian-emacsen@lists.debian.org

    According to the 29.3 release notes

    * Changes in Emacs 29.3
    Emacs 29.3 is an emergency bugfix release intended to fix several
    security vulnerabilities described below.

    ** Arbitrary Lisp code is no longer evaluated as part of turning on Org mode.
    This is for security reasons, to avoid evaluating malicious Lisp code.

    ** New buffer-local variable 'untrusted-content'.
    When this is non-nil, Lisp programs should treat buffer contents with
    extra caution.

    ** Gnus now treats inline MIME contents as untrusted.
    To get back previous insecure behavior, 'untrusted-content' should be
    reset to nil in the buffer.

    ** LaTeX preview is now by default disabled for email attachments.
    To get back previous insecure behavior, set the variable
    'org--latex-preview-when-risky' to a non-nil value.

    ** Org mode now considers contents of remote files to be untrusted.
    Remote files are recognized by calling 'file-remote-p'.

    -- System Information:
    Debian Release: trixie/sid
    APT prefers testing-debug
    APT policy: (500, 'testing-debug'), (500, 'testing')
    Architecture: amd64 (x86_64)
    Foreign Architectures: arm64

    Kernel: Linux 6.6.15-amd64 (SMP w/20 CPU threads; PREEMPT)
    Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    -- no debconf information

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
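
An added example, not part of the bug report and not code from Emacs, Org or Gnus: one way a Lisp program could honour the two signals named in the release notes above ('untrusted-content' and 'file-remote-p') before acting on buffer contents. The `my-` function names and the remote directory name are hypothetical.

```elisp
;;; Added example; not code from Emacs, Org or Gnus.
;;; All `my-' names are hypothetical.

(defun my-buffer-risk (&optional buffer)
  "Return a symbol saying why BUFFER's contents need caution, or nil.
BUFFER defaults to the current buffer."
  (with-current-buffer (or buffer (current-buffer))
    (cond
     ;; New in 29.3.  `bound-and-true-p' keeps this loadable on older
     ;; Emacs versions, where the variable does not exist.
     ((bound-and-true-p untrusted-content) 'untrusted-content)
     ;; Remote contents, recognised with `file-remote-p'.  Without the
     ;; CONNECTED argument this only inspects the name; it does not
     ;; open a connection.
     ((and buffer-file-name (file-remote-p buffer-file-name))
      'remote-file)
     ((and default-directory (file-remote-p default-directory))
      'remote-directory))))

(defun my-call-if-trusted (action)
  "Call ACTION with no arguments unless the current buffer is risky.
Signal a `user-error' naming the reason otherwise."
  (let ((risk (my-buffer-risk)))
    (when risk
      (user-error "Not acting on this buffer: %s" risk))
    (funcall action)))

(defun my-risk-demo ()
  "Return the risk classification of three constructed buffers."
  (list
   ;; Plain temporary buffer: inherits the caller's `default-directory'.
   (with-temp-buffer (my-buffer-risk))
   ;; Buffer marked the way 29.3 marks inline MIME contents.
   (with-temp-buffer
     (setq-local untrusted-content t)
     (my-buffer-risk))
   ;; Constructed remote directory name; nothing is contacted.
   (with-temp-buffer
     (setq default-directory "/ssh:example.invalid:/tmp/")
     (my-buffer-risk))))
```

Evaluating `(my-risk-demo)` from a buffer visiting a local directory classifies the first buffer as not risky and the other two by reason; wrapping an evaluation or preview step in `my-call-if-trusted` makes it fail closed on the latter two.
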
  • From Debian Bug Tracking System@21:1/5 to All on Mon Mar 25 03:50:02 2024
    Your message dated Mon, 25 Mar 2024 01:13:54 +0000
    with message-id <E1roYuQ-00Aag4-Pk@fasolo.debian.org>
    and subject line Bug#1067630: fixed in emacs 1:29.3+1-1
    has caused the Debian Bug report #1067630,
    regarding emacs: release 29.3 fixes "several security vulnerabilities"
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Mon Mar 25 04:10:01 2024
    Processing control commands:

    found -1 1:28.2+1-15
    Bug #1067630 {Done: Rob Browning <rlb@defaultvalue.org>} [src:emacs] emacs: release 29.3 fixes "several security vulnerabilities"
    Marked as found in versions emacs/1:28.2+1-15.

    --
    1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems