From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.devel Subject: Re: release bugs [was Re: Processed: enriched.el code execution] Date: Wed, 6 Sep 2017 23:30:15 -0700 Organization: UCLA Computer Science Department Message-ID: References: <83tw0h0yem.fsf@gnu.org> <83lglr24ck.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: blaine.gmane.org 1504765855 26670 195.159.176.226 (7 Sep 2017 06:30:55 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 7 Sep 2017 06:30:55 +0000 (UTC) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 Cc: emacs-devel@gnu.org To: Eli Zaretskii , Glenn Morris Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 07 08:30:41 2017 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpqKg-0005t0-5Q for ged-emacs-devel@m.gmane.org; Thu, 07 Sep 2017 08:30:34 +0200 Original-Received: from localhost ([::1]:38999 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dpqKk-0002QS-7r for ged-emacs-devel@m.gmane.org; Thu, 07 Sep 2017 02:30:38 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:49663) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dpqKd-0002Q0-4u for emacs-devel@gnu.org; Thu, 07 Sep 2017 02:30:32 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dpqKc-00009v-Bz for emacs-devel@gnu.org; Thu, 07 Sep 2017 02:30:31 -0400 Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:39962) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dpqKX-00008C-3o; Thu, 07 Sep 2017 02:30:25 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 84D4516091A; Wed, 6 Sep 2017 23:30:21 -0700 (PDT) Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id kbOtcFipwFNH; Wed, 6 Sep 2017 23:30:16 -0700 (PDT) Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id F2B7D16098A; Wed, 6 Sep 2017 23:30:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 86CGv_IVAyRe; Wed, 6 Sep 2017 23:30:15 -0700 (PDT) Original-Received: from [192.168.1.9] (unknown [47.153.184.153]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id CD56E16096C; Wed, 6 Sep 2017 23:30:15 -0700 (PDT) In-Reply-To: <83lglr24ck.fsf@gnu.org> Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-Received-From: 131.179.128.68 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:217972 Archived-At: Eli Zaretskii wrote: > Or maybe we could discuss the criteria for blocking bugs, and if > agreed, no further discussions would be necessary. This particular bug involved remote code execution by visiting an email attachment. Any security hole this serious should be blocking. It doesn't matter that the bug has been around for a while, as the bug is known now and is likely to be exploited by anyone who cares to attack Emacs users. I'm surprised that there was controversy about this case, as the bug really should be fixed as soon as we reasonably can, or in any event before the next release.