A security issue fixed upstream in Emacs has been announced:
http://openwall.com/lists/oss-security/2017/09/11/1
The upstream patch to fix the issue is linked in the message above. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to the registered maintainer. CC'ing all packagers collectively, in case tv needs his scarce free time for more important things.
Assignee: bugsquad => thierry.vignaud
CC: (none) => marja11, pkg-bugs
Debian has issued an advisory for this on September 12: https://www.debian.org/security/2017/dsa-3970
Fedora has issued an advisory for this on September 13: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J6MFCEUDBQENGJJPSDRXLCRTOHLTTOJB/
Severity: normal => critical
CVE-2017-14482 has been assigned for this issue: http://openwall.com/lists/oss-security/2017/09/14/19
Summary: emacs new security issue fixed upstream => emacs new security issue fixed upstream (CVE-2017-14482)
RedHat has issued an advisory for this today (September 19): https://access.redhat.com/errata/RHSA-2017:2771
The fix was included in 25.3 upstream, which zezinho updated to on October 14.
Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Advisory:
========================

Updated emacs packages fix security vulnerability:

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients) (CVE-2017-14482).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14482
https://www.debian.org/security/2017/dsa-3970
========================

Updated packages in core/updates_testing:
========================
emacs-24.3-10.1.mga5
emacs-el-24.3-10.1.mga5
emacs-doc-24.3-10.1.mga5
emacs-leim-24.3-10.1.mga5
emacs-nox-24.3-10.1.mga5
emacs-common-24.3-10.1.mga5
emacs-24.5-8.1.mga6
emacs-el-24.5-8.1.mga6
emacs-doc-24.5-8.1.mga6
emacs-leim-24.5-8.1.mga6
emacs-nox-24.5-8.1.mga6
emacs-common-24.5-8.1.mga6

from SRPMS:
emacs-24.3-10.1.mga5.src.rpm
emacs-24.5-8.1.mga6.src.rpm
Assignee: thierry.vignaud => qa-bugs
Mageia 6 :: x86_64
Using this fifty times a day. Installed the packages as listed and edited some dummy files. emacs is an application development environment in itself but I use it for editing only and for that function this version works fine. Invoked here with user's .emacs resource file which defines actions on certain keyboard keys like yank, repetitive search, split window, write selected text to external file, and import an external file. These all work still. emacs continues to recognize different file types such as ruby and python and uses colour highlights as appropriate in code. Good for 64-bits on mga6.
CC: (none) => tarazed25
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK
Mageia 5 :: x86_64
Updated the six packages and edited different sorts of files as before. No regressions that I could see. Good for mga5 on 64 bits. Shall test the 32-bit versions in virtualbox later.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA5-64-OK
(In reply to Len Lawrence from comment #8)
> Using this fifty times a day.
I should have guessed!
(In reply to Len Lawrence from comment #9)
> Shall test the 32-bit versions in virtualbox later.
If you want to, but if you have not done so by tomorrow (Sat) morning, I will validate it with both releases x64 OK; thanks to you. So if you do a 32-bit test before then, please *do* validate the update after your OK.
Just done the advisory.
Keywords: (none) => advisory
CC: (none) => lewyssmith
I had to install this and try it before I could check the update. I usually use kwrite for this sort of thing, so I don't know how to use all the "features." Installed in Mga5-32 on real hardware: Intel Core2Duo, Intel graphics. Edited an old, no longer relevant text file, and saved it. It saved it, plus a copy of the old file for backup. Looks good here. Adding the Mga5-32 OK. Not validating, as I've done nothing with the Mga6 version.
CC: (none) => andrewsfarm
Whiteboard: MGA5TOO MGA6-64-OK MGA5-64-OK => MGA5TOO MGA6-64-OK MGA5-64-OK MGA5-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0476.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED