Your message dated Mon, 24 Feb 2025 09:34:50 +0000
with message-id <e1tmurs-001ya6...@fasolo.debian.org>
and subject line Bug#1098255: fixed in emacs 1:30.1+1-1
has caused the Debian Bug report #1098255,
regarding emacs: CVE-2025-1244
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1098255: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098255
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: emacs
Version: 1:29.4+1-6
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://debbugs.gnu.org/66390
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for emacs.
CVE-2025-1244[0]:
| A flaw was found in the Emacs text editor. Improper handling of
| custom "man" URI schemes allows attackers to execute arbitrary shell
| commands by tricking users into visiting a specially crafted website
| or an HTTP URL with a redirect.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-1244
https://www.cve.org/CVERecord?id=CVE-2025-1244
[1] https://debbugs.gnu.org/66390
[2]
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:30.1+1-1
Done: Sean Whitton <spwhit...@spwhitton.name>
We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1098...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <spwhit...@spwhitton.name> (supplier of updated emacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Feb 2025 17:19:10 +0800
Source: emacs
Architecture: source
Version: 1:30.1+1-1
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 1088690 1095133 1098255 1098780
Changes:
emacs (1:30.1+1-1) unstable; urgency=medium
.
* Merge upstream version 30.1 (Closes: #1088690, #1098255, #1098780).
- Fixes CVE-2024-53920 and CVE-2025-1244.
- Drop obsolete patch disabling flymake included-c-header-files test.
.
* d/copyright: Updates for Emacs 30.1.
* d/rules: Adjust for on-by-default native compilation.
* d/control: Bump dependencies of 'emacs' metapackage.
* d/control: Remove build dependency on libjansson-dev.
This is no longer used by Emacs.
.
* Fix eldoc warning in patch adding debian-emacs-flavor (Closes: #1095133).
Thanks to Xiyue Deng for the report and fix.
.
* README.source: Suggest using git-range-diff(1) on patch queues.
* README.source: Bump version numbers in sample commands.
Checksums-Sha1:
c5eb4c6cf00edb9b0b37bc5519cffbe31b7d1d4c 3087 emacs_30.1+1-1.dsc
09c8a2c6420edf1c0eafbe02c108fdaaf9d3a105 31081984 emacs_30.1+1.orig.tar.xz
60a5fbb9b27df47aa3bf16592f2da993d5d67c0e 67348 emacs_30.1+1-1.debian.tar.xz
Checksums-Sha256:
e81a5ef691b885a8f2a93b857350fd9d2148068645bbe5804bebfc6f90f105b2 3087
emacs_30.1+1-1.dsc
902fe6e82528f9bc89b0f57227488a08f5bc07126c2c47eb6b5e8a368582324c 31081984
emacs_30.1+1.orig.tar.xz
27a6e34d26919d338b58c36d2bf914f4fbb4a30dc8fc37498a3d59e3687c9fc3 67348
emacs_30.1+1-1.debian.tar.xz
Files:
c909e06e6e823e1ffd682d1c3a83893b 3087 editors optional emacs_30.1+1-1.dsc
09b123423ed0e3aba5ae618afbed30ec 31081984 editors optional
emacs_30.1+1.orig.tar.xz
4db61816534ab07141e33910e8bab537 67348 editors optional
emacs_30.1+1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAme8O2EACgkQaVt65L8G
YkAwkg/9FLA+Nr9sgKs8tPTMZ9gVJGTRz8typjzMo09+eIvN4hs4voMM9wBGiJ/h
t9K5ItyQBCx6mmYYMnjEiSqaAfGJxQQjwKMUErR0geHEsExkecdvgI1TvUGovmpJ
Q0PttU9TBr+hq4LGCkkvj01Wgc+a4L5+Jx8JOpjKRg1akmTPNY+ydkKIIvi88gDW
pR+A0SgW6mILPbGpdhdJ39pk3RcYDiMX3FNm2UcvBfJ8Kuqdi8X0U3ewkbOeytMY
FGdJDZShvCx8fv1+xNWwE85uZqtAAGIGHNBqDVSprz8G3Ym9YBdTg6tYX+hYu56V
yqxhArDYUIIZPJGYMMjUX/7bqwYO6NcyvSk1Pb6vV+2cBdT2n1vcJAoJz/XZY1c1
VGWRtLcWMFuAvXoExDU9Injvo8QdkyolwzkcSg0KsQUnIPV6AWJkhWGJ/SUg20Tz
JSjtLN7f3BD+3gpf0zJDj6NxsPEm1c4iwpU8ctdYgSuQZ/4tnrncu9b42JGjWWTl
PjavdDaTGlczRuqadhg+thTdCw+JoGvoEsK8vgnap2Mt7MlD1gSMXl406GMPlqsi
tpeRxGASxBf9iDzVJyQxfO4XdMqPxZ/eblaXGf/lO2/93Dp7Stf1hG/dhtgd7scC
tZ1u/TKm0fQZT4DaifJ8c73RWFWO7eHs0jvCdUqlY9EGXa9Rqp8=
=5/fc
-----END PGP SIGNATURE-----
pgp8NlxOJwcE2.pgp
Description: PGP signature
--- End Message ---
