Hi! On Wed, Sep 13, 2017 at 09:10:52AM +0200, Bjørn Mork wrote: > Moritz Muehlenhoff <j...@debian.org> writes: > > > Package : emacs24 > > CVE ID : not yet available > > > > Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code > > execution when rendering text/enriched MIME data (e.g. when using > > Emacs-based mail clients). > > > > For the oldstable distribution (jessie), this problem has been fixed > > in version 24.4+1-5+deb8u1. > > > > For the stable distribution (stretch), this problem has been fixed in > > version 24.5+1-11+deb9u1. > > What about emacs25 in stretch? AFAICS, it is still vulnerable. > > https://bugs.debian.org/875447 was closed with the upload of 25.2+1-6 to > unstable, but this bug was opened against 25.1+1-4 which still is the > current version in stretch. And needs fixing ASAP...
Yes the same update is planned and will go out shortly. Regards, Salvatore
