From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#29182: CVE-2017-1000383: umask and backup files
Date: Tue, 14 Nov 2017 17:24:45 +0200
Message-ID: <834lpwlw76.fsf@gnu.org>
References: <v4lq7ysu5.fsf@fencepost.gnu.org>
	<6tefpag8ah.fsf@fencepost.gnu.org> <ovwp31sx9m.fsf@fencepost.gnu.org>
	<xtzi7p25tk.fsf@fencepost.gnu.org>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
X-Trace: blaine.gmane.org 1510673176 16207 195.159.176.226 (14 Nov 2017 15:26:16 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Tue, 14 Nov 2017 15:26:16 +0000 (UTC)
Cc: 29182@debbugs.gnu.org
To: Glenn Morris <rgm@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Nov 14 16:26:08 2017
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1eEd6E-0003dQ-Sk
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 14 Nov 2017 16:26:06 +0100
Original-Received: from localhost ([::1]:60345 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1eEd6M-0008NA-BM
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 14 Nov 2017 10:26:14 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:34324)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eEd5G-0007VR-39
	for bug-gnu-emacs@gnu.org; Tue, 14 Nov 2017 10:25:09 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eEd5C-0000L6-Ce
	for bug-gnu-emacs@gnu.org; Tue, 14 Nov 2017 10:25:06 -0500
Original-Received: from debbugs.gnu.org ([208.118.235.43]:59876)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1eEd5C-0000Ke-8q
	for bug-gnu-emacs@gnu.org; Tue, 14 Nov 2017 10:25:02 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eEd5C-0001NJ-21
	for bug-gnu-emacs@gnu.org; Tue, 14 Nov 2017 10:25:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 14 Nov 2017 15:25:02 +0000
Resent-Message-ID: <handler.29182.B29182.15106730865261@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 29182
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
Original-Received: via spool by 29182-submit@debbugs.gnu.org id=B29182.15106730865261
	(code B ref 29182); Tue, 14 Nov 2017 15:25:02 +0000
Original-Received: (at 29182) by debbugs.gnu.org; 14 Nov 2017 15:24:46 +0000
Original-Received: from localhost ([127.0.0.1]:40324 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1eEd4v-0001Mm-V9
	for submit@debbugs.gnu.org; Tue, 14 Nov 2017 10:24:46 -0500
Original-Received: from eggs.gnu.org ([208.118.235.92]:43043)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <eliz@gnu.org>) id 1eEd4u-0001MZ-5w
	for 29182@debbugs.gnu.org; Tue, 14 Nov 2017 10:24:44 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1eEd4l-0008Du-Ne
	for 29182@debbugs.gnu.org; Tue, 14 Nov 2017 10:24:38 -0500
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:32950)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1eEd4l-0008Do-KS
	for 29182@debbugs.gnu.org; Tue, 14 Nov 2017 10:24:35 -0500
Original-Received: from [176.228.60.248] (port=3444 helo=home-c4e4a596f7)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
	(Exim 4.82) (envelope-from <eliz@gnu.org>)
	id 1eEd4k-00012d-QW; Tue, 14 Nov 2017 10:24:35 -0500
In-reply-to: <xtzi7p25tk.fsf@fencepost.gnu.org> (message from Glenn Morris on
	Mon, 13 Nov 2017 17:04:55 -0500)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:139883
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/139883>

> From: Glenn Morris <rgm@gnu.org>
> Date: Mon, 13 Nov 2017 17:04:55 -0500
> 
> Rightly or wrong, distributions etc pay attention to CVEs, so I think
> an official response from Emacs on this issue would be good.

I'm not sure how should we provide an official response there.  The
list there is mostly of issues with very old versions, and there's a
reference to bug reports which were closed.  What else is needed?  And
what's the procedure?