From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Stefan Kangas Newsgroups: gmane.emacs.devel Subject: Re: Help testing emacs-28.3-rc1.tar.gz on MS-Windows Date: Sun, 19 Feb 2023 04:34:27 -0800 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="39852"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Troy Hinckley To: lux , emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Feb 19 13:35:00 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pTiuB-000A6V-86 for ged-emacs-devel@m.gmane-mx.org; Sun, 19 Feb 2023 13:34:59 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pTitl-0008Kv-Vu; Sun, 19 Feb 2023 07:34:34 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pTitk-0008KS-4i for emacs-devel@gnu.org; Sun, 19 Feb 2023 07:34:32 -0500 Original-Received: from mail-oi1-x22a.google.com ([2607:f8b0:4864:20::22a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pTiti-0004I7-HO for emacs-devel@gnu.org; Sun, 19 Feb 2023 07:34:31 -0500 Original-Received: by mail-oi1-x22a.google.com with SMTP id s63so539799oie.11 for ; Sun, 19 Feb 2023 04:34:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:from:to:cc:subject:date:message-id:reply-to; bh=8MCRrCV0J1u+fnuje4xpdeTxvHiD4vPdkktDLD+THUo=; b=ciHPWDhOfoSNFcA2nXd6iuJcPra+W/oRt2xmsDPSTdq+75NMX7QaLiQ8ABYa4Ebr/V hSsZK3WGZCSXwmjcbv5V8mfz1t2mOLAv7D8GJ3yZ/VTS/Pqzmcr1eBMMTvZu4OgaVMJw 8k/DVGyHT6/lxMDfqCop7PqEPTCiMy6MxjXBKGI19liv3/rk5b8pRnZrfAumibp0rZPV U9VOHSZcGT1tsen0wzY7fzaVgNS37ahfjZ8nUQwbEaie0OtbAxuHsX8Yu+Xhzi7/9sAE SK3NN7cxsY6MMSsJWMUJUiH2bMrIH7tMEREvH2iWm0REVsurVPGj2dEZG4i3G5wURtu6 Riaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8MCRrCV0J1u+fnuje4xpdeTxvHiD4vPdkktDLD+THUo=; b=F++Ic2kQLrIxgJxorpQxcierg8QZUIhLtLL18bglmj/+SlC2SHfkocqKtmL0LXLPp7 +xojc9pIZb+m8CWdjm8xEjfysVWl9apKMQxVjuwgD3C8XUJcKjafi37CLJqwTzhgrzCw okGi+ChL6/GH5WQi+gop6iWZVoNX+h3XDxqwC/sGRwvP693R6FJwK6wNGjHbWo3FICoR U5kzqT1aGI8cbaLWtxDVUVqzz8qBCY84c9YLN41Nse3FMY/6JbOu3WZmms/5PWriznP7 A6h4pVAkNdFlXazIzNN/pOxcCjZr5+9Gap+fgYzDTM0P9IlIgw1+1urA2HeCEVT5SrgB Jh3A== X-Gm-Message-State: AO0yUKWyqVjDOS59oxb7MacanUcDpYwrL4EPwupjjHDJXRyPDDB/lmxF lch57e8jJcAKRdM8kiDI0MLLfi4/zIarfzKmrNlOpnA9 X-Google-Smtp-Source: AK7set+Ws2zOnZCFQ7F0uVpaUZ5us/9lLUQFlH6STFXJXPJPyDMIJLPTFiWQG/DfUou5kEZsqYEngIuoYQkwuxkf6D0= X-Received: by 2002:a05:6808:11c5:b0:378:3f53:9e8 with SMTP id p5-20020a05680811c500b003783f5309e8mr1045304oiv.291.1676810068352; Sun, 19 Feb 2023 04:34:28 -0800 (PST) Original-Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Sun, 19 Feb 2023 04:34:27 -0800 In-Reply-To: X-Hashcash: 1:20:230219:comms@dabrev.com::d+YzyxOV3IAmV72T:5iUe Received-SPF: pass client-ip=2607:f8b0:4864:20::22a; envelope-from=stefankangas@gmail.com; helo=mail-oi1-x22a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:303564 Archived-At: lux writes: > Stefan, this is a new vulnerability found in orgmode, which also exists > in the built-in orgmode of Emacs 28. Does it need to be fixed together > in 28.3? > > https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A@qq.com/T/#t Thanks for continuing to work on improving Emacs' security. I don't want to delay Emacs 28.3 any more, and I'm ready to release it now. Perhaps it's fine to wait with this fix until Emacs 29.1, especially seeing that Org Mode can release a new fixed version through GNU ELPA immediately, and distributions can pick it up from there. Furthermore, the Emacs 29 pretest will start any day now. But I'd like to hear what others think. Is it important to include this fix in Emacs 28.3?