it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5719-1] emacs security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5719-1] emacs security update
Date: Tue, 25 Jun 2024 20:01:55 +0000
List-archive: https://lists.debian.org/msgid-search/E1sMCMV-001iyJ-2c AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=RGcbQJ0tJe0Zki4x53Fl6mwV/vRg5/Pdh7qtBvIKBVw=; b=KG pfcylhV9ccIgtLqoM8qtbBgmKFR5KUjZkbYqKu3Cil7mCQkfXzMfyG1vHCebGaa5qu6+792nvoSHE m0HQZXtupBIVw23BmBbJxS/57+pALtGfGpf3fueSfyyFlfSWHa30roRucmWpuQfq5UGfZGnVaYHL5 YECB+KKszknR0HFZrxq/Ahq0yJY2ABOWACJfUM17lNXUQFFi64UvMYoh6+2Kb+OczJDVvGi1ZO1nD PX0R/IZfWrjDbxGXQIEF1oUeXgFg5dsnGBJMTMNJjAAuqRstrI9csoBNDH/GU4J39EI9/MgDnfapW rJF+A1bAwCUewFkKjYfxUo1FFbNV5fJQ==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Tue, 25 Jun 2024 20:02:15 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <LSVyonq6P3E.A.LZfN.HJyemB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5719-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 25, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : emacs
CVE ID : CVE-2024-39331
Debian Bug : 1074137

It was discovered that Emacs is prone to arbitrary shell code evaluation
when opening a specially crafted Org file.

This update includes updates pending for the upcoming point releases
including other security fixes.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1:27.1+1-3.1+deb11u5.

For the stable distribution (bookworm), this problem has been fixed in
version 1:28.2+1-15+deb12u3.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/emacs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ7IMRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RRkQ//VodTfx1QWzYCV1WDvv2c6lekODGI1RQcM91+LRXnq+LsumEP55j5w26V
9O1u3Yze/94BVOzlggM3CzPLGeDS1gYDAGvoaZVrkgsK9k9DCN5vKJ3BSJf6vzj7
wtFVvlmnqIsMLUlu6yUpQlsDw6fhwKqrh4egIigDFSwR8kxzo+wBhTGVfuFLpmxl
X0B1xAMWsk8srmWxcgvabMvGhSx+z06QHnsguLWljvk+yEQVfVTYqVA3PxySg/Qk
/7SPwEBuWwe0MU6s4pltET/VdNI7nYeG2qSmWZ6ruFcYa2Xctoe+r2kQ02ngipJK
RZScLFYmxbRqKDGTayNbXvAE9X6P05bhQvpYoYsnTueYrH5JzB++6Zli43PnT6aj
ECMHPl7RKv6JOjqZB4VJpfsLw9S8QBkMPtSZ3zfy8/GSX8/113F8k4ur3pu/S3gH
N8FWbygOYw6MrC7LeKKE77k43Tep1bEQPd6EwwlopjIulDg00tEGXXH9JdmXKH0V
grgZTPubZvB/RrtW/AHkMrEDGdz9BfEnSxIOrPjbT//9tBVsxSN8jUflxUIoiCew
v9yw6YUXKaRrIgcvMy/GMg/uaIZmxvYYVlO4eg7QHQ4trwaTtANjUFIya4PCpegu
zjJS/rfx1BKpDDFQhJY25e7Tj6zfLV57GAb/rrZhRHRGQUCaBqQ=
=62XM
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5719-1] emacs security update, Salvatore Bonaccorso, 25.06.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.