emacs - Debian Package Tracker

general

source: emacs (main)
version: 1:29.4+1-6
maintainer: Rob Browning (DMD)
uploaders: Sean Whitton [DMD]
arch: all any
std-ver: 3.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:26.1+1-3.2+deb10u2
o-o-sec: 1:26.1+1-3.2+deb10u6
oldstable: 1:27.1+1-3.1+deb11u5
old-sec: 1:27.1+1-3.1+deb11u5
old-p-u: 1:27.1+1-3.1+deb11u5
stable: 1:28.2+1-15+deb12u3
stable-sec: 1:28.2+1-15+deb12u3
stable-bpo: 1:29.4+1-4~bpo12+1
testing: 1:29.4+1-6
unstable: 1:29.4+1-6

versioned links

1:26.1+1-3.2+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:26.1+1-3.2+deb10u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:27.1+1-3.1+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:28.2+1-15+deb12u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:29.4+1-4~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:29.4+1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

emacs (78 bugs: 0, 61, 17, 0)
emacs-bin-common (3 bugs: 0, 2, 1, 0)
emacs-common (28 bugs: 0, 15, 13, 0)
emacs-el (3 bugs: 0, 3, 0, 0)
emacs-gtk (35 bugs: 0, 33, 2, 0)
emacs-lucid (2 bugs: 0, 2, 0, 0)
emacs-nox (5 bugs: 0, 5, 0, 0)
emacs-pgtk (2 bugs: 0, 2, 0, 0)

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2025-1244: A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
CVE-2024-53920: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Created: 2024-11-28 Last update: 2025-02-20 05:57

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2025-1244: A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
CVE-2024-53920: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Created: 2024-11-28 Last update: 2025-02-20 05:57

3 security issues in bullseye high

There are 3 open security issues in bullseye.

1 important issue:

CVE-2025-1244: A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

2 issues postponed or untriaged:

CVE-2023-28617: (needs triaging) org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
CVE-2024-53920: (postponed; to be fixed through a stable update) In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Created: 2025-02-13 Last update: 2025-02-20 05:57

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2025-1244: A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

1 issue left for the package maintainer to handle:

CVE-2024-53920: (postponed; to be fixed through a stable update) In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-11-28 Last update: 2025-02-20 05:57

AppStream hints: 6 errors and 9 warnings for emacs-gtk,emacs-common,emacs-lucid,emacs-pgtk,emacs-nox high

AppStream found metadata issues for packages:

emacs-gtk: 2 errors and 2 warnings
emacs-nox: 1 error and 1 warning
emacs-pgtk: 2 errors and 2 warnings
emacs-lucid: 2 warnings
emacs-common: 1 error and 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2018-07-30 Last update: 2025-02-12 20:30

lintian reports 7 errors and 58 warnings high

Lintian reports 7 errors and 58 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-12-08 Last update: 2025-02-12 17:30

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 3.7.2).

Created: 2018-05-28 Last update: 2025-02-12 06:33

17 bugs tagged patch in the BTS normal

The BTS contains patches fixing 17 bugs (22 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-02-20 19:24

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2024-05-01 Last update: 2025-02-20 14:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:29.4+1-7~1.gbp0a9c78, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 14619c249978fc9a742d0216a5f60a12e2344df8
Merge: 45b2aab9f bfb9e6519
Author: Sean Whitton <spwhitton@spwhitton.name>
Date:   Thu Feb 13 09:58:04 2025 +0800

    Fix eldoc warning in patch adding debian-emacs-flavor
    
    Thanks to Xiyue Deng for the report and fix.
    
    Closes: #1095133

commit bfb9e6519119430ffcc9c3c7b18e81512514ee2c
Author: Xiyue Deng <manphiz@gmail.com>
Date:   Mon Jan 27 23:23:37 2025 -0800

    Fix eldoc warning in patch adding debian-emacs-flavor
    
    Forwarded: not-needed
    Closes: #1095133

commit 45b2aab9f748012b09488cdcf8bcb184a70e770a
Author: Sean Whitton <spwhitton@spwhitton.name>
Date:   Thu Feb 13 09:56:35 2025 +0800

    Adjust debian/changelog for UNRELEASED 29.4+1-7 development

Created: 2025-02-13 Last update: 2025-02-13 04:00

debian/patches: 14 patches to forward upstream low

Among the 18 debian patches available in version 1:29.4+1-6 of the package, we noticed the following issues:

14 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-02-12 10:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2023-08-02 Last update: 2023-08-02 08:06

testing migrations

This package will soon be part of the auto-libxml2 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2025-02-17] emacs 1:29.4+1-6 MIGRATED to testing (Debian testing watch)
[2025-02-12] Accepted emacs 1:29.4+1-6 (source) into unstable (Sean Whitton)
[2025-01-23] emacs 1:29.4+1-5 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted emacs 1:29.4+1-5 (source) into unstable (Sean Whitton)
[2024-12-15] Accepted emacs 1:29.4+1-4~bpo12+1 (source) into stable-backports (Sean Whitton)
[2024-12-13] emacs 1:29.4+1-4 MIGRATED to testing (Debian testing watch)
[2024-12-08] Accepted emacs 1:29.4+1-4 (source) into unstable (Sean Whitton)
[2024-08-24] Accepted emacs 1:27.1+1-3.1+deb11u5 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-07-22] Accepted emacs 1:29.4+1-2~bpo12+1 (source) into stable-backports (Sean Whitton)
[2024-07-14] Accepted emacs 1:28.2+1-15+deb12u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-07-02] emacs 1:29.4+1-3 MIGRATED to testing (Debian testing watch)
[2024-06-29] Accepted emacs 1:29.4+1-3 (source) into unstable (Rob Browning)
[2024-06-29] Accepted emacs 1:26.1+1-3.2+deb10u6 (source) into oldoldstable (Sean Whitton)
[2024-06-25] Accepted emacs 1:28.2+1-15+deb12u3 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-06-25] Accepted emacs 1:27.1+1-3.1+deb11u5 (source) into oldstable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-06-25] Accepted emacs 1:29.4+1-2 (source) into unstable (Sean Whitton)
[2024-06-25] Accepted emacs 1:29.4+1-1 (source) into unstable (Rob Browning)
[2024-06-15] Accepted emacs 1:28.2+1-15+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Rob Browning)
[2024-05-27] Accepted emacs 1:27.1+1-3.1+deb11u3 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Sean Whitton)
[2024-05-27] Accepted emacs 1:27.1+1-3.1+deb11u4 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Sean Whitton)
[2024-05-27] Accepted emacs 1:27.1+1-3.1+deb11u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2024-05-20] Accepted emacs 1:28.2+1-15+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Sean Whitton)
[2024-05-20] Accepted emacs 1:29.3+1-3~bpo12+1 (source) into stable-backports (Sean Whitton)
[2024-05-20] emacs 1:29.3+1-3 MIGRATED to testing (Debian testing watch)
[2024-05-15] Accepted emacs 1:29.3+1-3 (source) into unstable (Rob Browning)
[2024-04-30] emacs 1:29.3+1-2 MIGRATED to testing (Debian testing watch)
[2024-04-29] Accepted emacs 1:26.1+1-3.2+deb10u5 (source) into oldoldstable (Sean Whitton)
[2024-04-27] Accepted emacs 1:29.3+1-2~bpo12+1 (source) into stable-backports (Sean Whitton)
[2024-04-20] Accepted emacs 1:29.3+1-2 (source) into unstable (Sean Whitton)
[2024-03-25] Accepted emacs 1:29.3+1-1 (source) into unstable (Rob Browning)

bugs [bug history graph]

all: 181 197
RC: 1
I&N: 140 152
M&W: 39 43
F&P: 1
patch: 17 22

links

homepage
lintian (7, 58)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:29.4+1-6ubuntu3
36 bugs (1 patch)
patches for 1:29.4+1-6ubuntu3