• Bug#1098255: emacs: CVE-2025-1244

    From Salvatore Bonaccorso@21:1/5 to All on Tue Feb 18 13:10:01 2025
    Source: emacs
    Version: 1:29.4+1-6
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    Forwarded: https://debbugs.gnu.org/66390
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi,

    The following vulnerability was published for emacs.

    CVE-2025-1244[0]:
    | A flaw was found in the Emacs text editor. Improper handling of
    | custom "man" URI schemes allows attackers to execute arbitrary shell
    | commands by tricking users into visiting a specially crafted website
    | or an HTTP URL with a redirect.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-1244
    https://www.cve.org/CVERecord?id=CVE-2025-1244
    [1] https://debbugs.gnu.org/66390
    [2] https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Mon Feb 24 10:40:01 2025

    Your message dated Mon, 24 Feb 2025 09:34:50 +0000
    with message-id <E1tmUrS-001YA6-9M@fasolo.debian.org>
    and subject line Bug#1098255: fixed in emacs 1:30.1+1-1
    has caused the Debian Bug report #1098255,
    regarding emacs: CVE-2025-1244
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1098255: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098255
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Sean Whitton@21:1/5 to All on Wed Feb 26 04:20:01 2025
    Hello,

    I'm now in the middle of backporting the fixes for these two CVEs to
    bookworm, generously funded by the Freexian LTS project.
    bullseye to follow.

    --
    Sean Whitton
