Moritz Muehlenhoff <j...@debian.org> writes: > Package : emacs24 > CVE ID : not yet available > > Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code > execution when rendering text/enriched MIME data (e.g. when using > Emacs-based mail clients). > > For the oldstable distribution (jessie), this problem has been fixed > in version 24.4+1-5+deb8u1. > > For the stable distribution (stretch), this problem has been fixed in > version 24.5+1-11+deb9u1.
What about emacs25 in stretch? AFAICS, it is still vulnerable. https://bugs.debian.org/875447 was closed with the upload of 25.2+1-6 to unstable, but this bug was opened against 25.1+1-4 which still is the current version in stretch. And needs fixing ASAP... Bjørn
