From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Sean Whitton Newsgroups: gmane.emacs.devel Subject: Re: Reproducers for recent Emacs security issues Date: Mon, 15 Apr 2024 17:46:25 +0800 Message-ID: <87y19fdklq.fsf@melete.silentflame.com> References: <875xwk8w5w.fsf@melete.silentflame.com> <706e1218-7451-4221-830a-ae3db3bf842e@gmail.com> <87cyqrf01x.fsf@melete.silentflame.com> <87mspv6kf0.fsf@localhost> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="26002"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Cc: Max Nikulin , emacs-devel@gnu.org, team@security.debian.org To: Ihor Radchenko Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Apr 15 11:47:16 2024 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rwIvh-0006W9-WA for ged-emacs-devel@m.gmane-mx.org; Mon, 15 Apr 2024 11:47:15 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rwIv8-0007NQ-RI; Mon, 15 Apr 2024 05:46:38 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rwIv6-0007N5-G3 for emacs-devel@gnu.org; Mon, 15 Apr 2024 05:46:36 -0400 Original-Received: from fout1-smtp.messagingengine.com ([103.168.172.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rwIv4-0006yL-SN for emacs-devel@gnu.org; Mon, 15 Apr 2024 05:46:36 -0400 Original-Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailfout.nyi.internal (Postfix) with ESMTP id 7774F138052C; Mon, 15 Apr 2024 05:46:31 -0400 (EDT) Original-Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Mon, 15 Apr 2024 05:46:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=spwhitton.name; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1713174391; x= 1713260791; bh=VDGUAavLNgYBX+KVFh4fqHc6V/pevNypXZZguHUxQy4=; b=B sB+LQt1T2J+om94ktrlfeiKIRKF06cmEKasBIV/e8tp+MrDVuUvez3fiWROMqKlH O4oTgCkF7/a/JpnQ1QIBEqftJpcEjKp+ska16kaNL1IXZ6Ok4Ga+Q7yJ4PdU194r IEnbpL6Fi1iF6Dt//SflgW4DO5ue+Gy3hSm/Sf35O9l3QjGM21MaXK+yqG1uV9Md c7eI3GpgVcUVLb82a9nuPn+uyqsFjGSw9pOZuAuu7xj6O6E5edYEvtyIv18OTj9z VJ9eQwolwpCOLAFygggftoVaOs+dNtIWwXdx0I47QdU54hM8/XiYVCniZnF9dBNu ergWEHeJJTHn6NftRuFgw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1713174391; x=1713260791; bh=VDGUAavLNgYBX+KVFh4fqHc6V/pe vNypXZZguHUxQy4=; b=h5eT/4Fv839YimZWkdcmH0ZqGTh9aUo9tCmM4r6Pwldm ZBWiiv/KKYt4mv6aJ2OdmeEUyM92uN3KBpCnFIhois+C3nM0tBAE2DcIBNUktPQa IjVn3+vM+mQT6bmHCM7S1/F7xIB+BBEQ2koE0St88jy7mXKNL8Uw1PyiVU0vHdMI b6AUvyHi8oo0YLKI88p7r6CwbuWjLIyLtNVUDkW/crKvdnmY5oCeRydN3GB71L0w Lje/UBldwgRQq7759cnRs7zVnNMh1JmbK8z5+7qU7OLtxh23kSxQs3dQjajEJ9oJ 9gXnqtl7fNnEeWFiF4YoU7c/cAORsK3b59nOA93AnA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudejvddgvddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefujghffffkfgggtgesghdttdertdertdenucfhrhhomhepufgvrghn ucghhhhithhtohhnuceoshhpfihhihhtthhonhesshhpfihhihhtthhonhdrnhgrmhgvqe enucggtffrrghtthgvrhhnpeetfeevtdeftdeigfeghfekveeuvefgfeduhfetgeekjeeu keehvdegvdetgedvleenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpehsphifhhhithhtohhnsehsphifhhhithhtohhnrdhnrghmvg X-ME-Proxy: Feedback-ID: i23c04076:Fastmail Original-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 15 Apr 2024 05:46:30 -0400 (EDT) Original-Received: by melete.silentflame.com (Postfix, from userid 1000) id 7DAC27EAE1D; Mon, 15 Apr 2024 17:46:26 +0800 (CST) In-Reply-To: <87mspv6kf0.fsf@localhost> (Ihor Radchenko's message of "Mon, 15 Apr 2024 09:32:19 +0000") Received-SPF: pass client-ip=103.168.172.144; envelope-from=spwhitton@spwhitton.name; helo=fout1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:317731 Archived-At: --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello, On Mon 15 Apr 2024 at 09:32am GMT, Ihor Radchenko wrote: > Sean Whitton writes: > >> Unfortunately, I couldn't reproduce this. >> I expanded the inline preview but nothing appeared in /tmp. If I saved >> the attachment and opened it as a regular file, then the image gets >> generated in /tmp and displayed in-buffer, but that's a different issue. >> >> This is Emacs 28.2, btw. Would you expect it not to work there? > > That email with attachment needs to be opened in gnus, notmuch, or mu4e. > Using default settings. Yeah, I tried that: emacs -q M-x gnus-no-server Gf ~/tmp/mbox-with-the-msgs.mbox RET =2D-=20 Sean Whitton --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmYc93EZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQLKVEACteCWjC4uNm+6MVoKiODen 7HhsACLygxGsTGlb6L2PPbSr7cp8Q+yJvxqQwTfiE4ir4fOVECsOvsrtDYh9CTvC fI5HR5eh6A56Wk/nH663rc8ip5UiJOFsaP8Jx8d3oILtUwxjImAilldo8WcsaqVG t3eQUYb/1zk1UMVUWHlEjjToHgAx2Yi+y8N4mfUuNEz0Y/Mt1fVQ2GAEUZ+L7xXZ SaWeBgRaDMcv9F/bfl4pdN5nrJgpxyzssGKWI5BRDgLU2JoD869En3TN5JjkPpoY kQNjyd9zn2LL5EppWnSjRIZYt8Kgsd1Pvu26d/zgCl8FCPIEdVmj5AYdCXs872w9 q26Kf/t2KDzBoAvToPQqe0OAogjVLMN9eNqwcTFQMD5loQyw1nVeo6syca05dpfh Qk7bFgPimpwH7xLrewP6PddJvZjbsJI7iSffHtzI3CFX5GqdexYIutnhvLGOUjaj KRDdhBu90US9uqKD6vgxnC91IlFZL27LZg0kDw763a3JnApxX4NMIbPAW5WRRBVl xAWBrbIhduZXESwXurB92lypANGjGBDDw4ZQ4tLFP14/oGmVD9vHG0XlgsjFOXRt /tODT+mcZNnyntaG/l2zl5m4UKo4xzA1Kh5ADoUsex3QsCfmvhcxhd1UaWKAGSQL 1tPi8qtxysFkE+JamvtGgA== =g/cX -----END PGP SIGNATURE----- --=-=-=--