From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Troy Hinckley Newsgroups: gmane.emacs.devel Subject: Request to backport fix for CVE-2022-45939 to Emacs 28 Date: Mon, 13 Feb 2023 12:15:50 -0600 Message-ID: <09998122-0110-454f-94d1-e29c37b833f4@Spark> References: <85f35c42-cfe8-44a7-a9c1-307acc5c17d4@Spark> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="63ea7e5b_3804823e_4cc" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="6798"; mail-complaints-to="usenet@ciao.gmane.io" To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Feb 13 19:45:20 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pRdpE-0001S5-LN for ged-emacs-devel@m.gmane-mx.org; Mon, 13 Feb 2023 19:45:16 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pRdoU-0001NG-9k; Mon, 13 Feb 2023 13:44:30 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pRdN7-0007FE-7H for emacs-devel@gnu.org; Mon, 13 Feb 2023 13:16:13 -0500 Original-Received: from sender4-op-o15.zoho.com ([136.143.188.15]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pRdN2-0003lS-CP for emacs-devel@gnu.org; Mon, 13 Feb 2023 13:16:12 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1676312162; cv=none; d=zohomail.com; s=zohoarc; b=JgPj9Q/bJaLoWYUnxHNd/UkF+lUEAffgu5MLoOIJySdNITRkf9WovwQlMwRoi6OHrYZtz547d8sJXAOcHef8gj4n2OpU/y1oEQaDUK9NFgep/iznhTB0ONNeY5gmj/rArq3xFsgD3kWBaqvHmXHmyYkE7LkiE+IrHgQ++QIaI9Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1676312162; h=Content-Type:Date:From:MIME-Version:Message-ID:References:Subject:To; bh=DG3BZ+Eyu8BFwgt43iif1zcWFB1/9NtArFsqLbOyomo=; b=keolOcuFpqsfwqoRNJMr6kTpuKzMqOatZkebEJ7oKaOdOSGMtTTp+k+ZzCVtihSTlBSSRhUNqn4a0GDIXHWOt6FSJ3hqPpwTNy72GifKqsx345xxD2AxRTgQdaWWisBRVQiF51raloLWheOTBirXcRPrNOYtidpx+MpV6xjHj4o= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=dabrev.com; spf=pass smtp.mailfrom=comms@dabrev.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1676312162; s=zoho; d=dabrev.com; i=comms@dabrev.com; h=Date:Date:From:From:To:To:Message-ID:References:Subject:Subject:MIME-Version:Content-Type:Message-Id:Reply-To:Cc; bh=DG3BZ+Eyu8BFwgt43iif1zcWFB1/9NtArFsqLbOyomo=; b=Fkv0euFWgILOdJQGVLS5uab+sCE+Y7c4Xvz2O6slrTtbvauFULwp+Ab7YN6y7Zbg OiCqGPud1aILuMc95GwuqGLAmHeNpKIimcVKUVrPL2OblYnNaseghTV8nIoPlqRLMA5 RARPLDD+2kPQdizwgic3BzPlipUU43lsoRO+1XM4= Original-Received: from [192.168.1.138] (24-35-132-35.fidnet.com [24.35.132.35]) by mx.zohomail.com with SMTPS id 1676312159767372.369205911583; Mon, 13 Feb 2023 10:15:59 -0800 (PST) X-Readdle-Message-ID: 09998122-0110-454f-94d1-e29c37b833f4@Spark X-ZohoMailClient: External Received-SPF: pass client-ip=136.143.188.15; envelope-from=comms@dabrev.com; helo=sender4-op-o15.zoho.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Mon, 13 Feb 2023 13:44:28 -0500 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:303224 Archived-At: --63ea7e5b_3804823e_4cc Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline My company will not allow an install of Emacs 28 due to=C2=A0CVE-2022-459= 39. There is a=C2=A0patch=C2=A0for this in the master branch, but it did = not make it in time for Emacs 28.2. We have many Emacs users who would li= ke to upgrade to 28. What would be the effort to back port this fix and d= o an Emacs 28.3 release=3F - Troy Hinckley --63ea7e5b_3804823e_4cc Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline
My company will not allow an install of Emacs 28 du= e to&=23160;CVE-2022-45939. There is a&=23160;patch&=23160= ;for this in the master branch, but it did not make it in time for Emacs = 28.2. We have many Emacs users who would like to upgrade to 28. What woul= d be the effort to back port this fix and do an Emacs 28.3 release=3F


- Troy Hinckley
--63ea7e5b_3804823e_4cc--