From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#28350: enriched.el code execution Date: Mon, 11 Sep 2017 09:38:14 -0700 Organization: UCLA Computer Science Department Message-ID: References: <305e0573-2e10-cb15-4133-9bd72d33ea5e@cs.ucla.edu> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: blaine.gmane.org 1505147984 23579 195.159.176.226 (11 Sep 2017 16:39:44 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Mon, 11 Sep 2017 16:39:44 +0000 (UTC) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 Cc: "Charles A. Roelli" , 28350@debbugs.gnu.org To: Glenn Morris Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Sep 11 18:39:33 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1drRjk-0004Kf-OP for geb-bug-gnu-emacs@m.gmane.org; Mon, 11 Sep 2017 18:39:04 +0200 Original-Received: from localhost ([::1]:58928 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1drRjr-0002DN-Ut for geb-bug-gnu-emacs@m.gmane.org; Mon, 11 Sep 2017 12:39:11 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48359) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1drRjl-0002DD-QY for bug-gnu-emacs@gnu.org; Mon, 11 Sep 2017 12:39:06 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1drRji-0004HZ-Iq for bug-gnu-emacs@gnu.org; Mon, 11 Sep 2017 12:39:05 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:53377) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1drRji-0004HR-FO for bug-gnu-emacs@gnu.org; Mon, 11 Sep 2017 12:39:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1drRjh-00081Z-PC for bug-gnu-emacs@gnu.org; Mon, 11 Sep 2017 12:39:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 11 Sep 2017 16:39:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28350 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 28350-submit@debbugs.gnu.org id=B28350.150514791030800 (code B ref 28350); Mon, 11 Sep 2017 16:39:01 +0000 Original-Received: (at 28350) by debbugs.gnu.org; 11 Sep 2017 16:38:30 +0000 Original-Received: from localhost ([127.0.0.1]:33824 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1drRjB-00080i-RR for submit@debbugs.gnu.org; Mon, 11 Sep 2017 12:38:30 -0400 Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:37606) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1drRjA-00080U-1D for 28350@debbugs.gnu.org; Mon, 11 Sep 2017 12:38:29 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 169E2160CE3; Mon, 11 Sep 2017 09:38:22 -0700 (PDT) Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id qev74exJqmsA; Mon, 11 Sep 2017 09:38:21 -0700 (PDT) Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 029CE160CCF; Mon, 11 Sep 2017 09:38:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UcobJA1tSwgh; Mon, 11 Sep 2017 09:38:20 -0700 (PDT) Original-Received: from Penguin.CS.UCLA.EDU (Penguin.CS.UCLA.EDU [131.179.64.200]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id DD6B8160AD0; Mon, 11 Sep 2017 09:38:20 -0700 (PDT) In-Reply-To: Content-Language: en-US X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:136794 Archived-At: On 09/11/2017 08:33 AM, Glenn Morris wrote: > I submitted this tohttps://github.com/distributedweaknessfiling/ . > I see you sent it tohttp://seclists.org/oss-sec/2017/q3/422 . Yes, I sent it to the oss-security mailing list, and it is archived here: http://www.openwall.com/lists/oss-security/2017/09/11/1 > Are you sure this issue affects Emacs 19.29, as stated there? > The x-display code is "only" present since 21.1, AFAICS. Thanks for checking. When I wrote that, I looked for any of the text involved in Lars's patch. If a smaller patch will do, that might explain why you're seeing 21.1 rather than 19.29. We can mention 21.1 instead of 19.29 in the 25.3 release, and I'll update etc/NEWS accordingly in emacs-25 and master once that comes out. These days almost nobody is running Emacs older than 21.1, so the exact version number shouldn't matter to anybody other than software archaeologists.