From: John Wiegley <jwiegley@gmail.com>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: Glenn Morris <rgm@gnu.org>, Eli Zaretskii <eliz@gnu.org>,
emacs-devel@gnu.org
Subject: Re: release bugs [was Re: Processed: enriched.el code execution]
Date: Thu, 07 Sep 2017 14:11:56 +0100 [thread overview]
Message-ID: <m2tw0er6ub.fsf@newartisans.com> (raw)
In-Reply-To: <d3344ecb-15c5-b393-f4bd-5fc8cac143b6@cs.ucla.edu> (Paul Eggert's message of "Wed, 6 Sep 2017 23:30:15 -0700")
>>>>> "PE" == Paul Eggert <eggert@cs.ucla.edu> writes:
PE> This particular bug involved remote code execution by visiting an email
PE> attachment. Any security hole this serious should be blocking. It doesn't
PE> matter that the bug has been around for a while, as the bug is known now
PE> and is likely to be exploited by anyone who cares to attack Emacs users.
PE> I'm surprised that there was controversy about this case, as the bug
PE> really should be fixed as soon as we reasonably can, or in any event
PE> before the next release.
It does seem that this issue should be easy enough to fix that we can delay
until it's included.
--
John Wiegley GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com 60E1 46C4 BD1A 7AC1 4BA2
next prev parent reply other threads:[~2017-09-07 13:11 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <83tw0h0yem.fsf@gnu.org>
[not found] ` <handler.s.C.150463767313430.transcript@debbugs.gnu.org>
2017-09-06 6:40 ` release bugs [was Re: Processed: enriched.el code execution] Glenn Morris
2017-09-06 9:41 ` John Wiegley
2017-09-06 10:00 ` Sven Joachim
2017-09-06 10:13 ` John Wiegley
2017-09-07 4:03 ` Richard Stallman
2017-09-07 14:43 ` Eli Zaretskii
2017-09-06 16:12 ` Eli Zaretskii
2017-09-07 6:30 ` Paul Eggert
2017-09-07 13:11 ` John Wiegley [this message]
2017-09-07 15:03 ` Eli Zaretskii
2017-09-07 21:32 ` Paul Eggert
2017-09-08 6:55 ` Eli Zaretskii
2017-09-08 7:11 ` Paul Eggert
2017-09-08 8:20 ` Fabrice Popineau
2017-09-08 21:42 ` Óscar Fuentes
2017-09-09 17:12 ` Richard Stallman
2017-09-09 18:27 ` Fabrice Popineau
2017-09-07 20:47 ` enriched.el code execution Reiner Steib
2017-09-07 21:24 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2tw0er6ub.fsf@newartisans.com \
--to=jwiegley@gmail.com \
--cc=eggert@cs.ucla.edu \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=rgm@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).