From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: John Wiegley <jwiegley@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: release bugs [was Re: Processed: enriched.el code execution]
Date: Wed, 06 Sep 2017 11:13:42 +0100
Message-ID: <m2vakwrv6x.fsf@newartisans.com>
References: <83tw0h0yem.fsf@gnu.org>
	<handler.s.C.150463767313430.transcript@debbugs.gnu.org>
	<bn1snkib3u.fsf@fencepost.gnu.org> <m2tw0gtb9d.fsf@newartisans.com>
	<873780i1tl.fsf@turtle.gmx.de>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1504692841 2008 195.159.176.226 (6 Sep 2017 10:14:01 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Wed, 6 Sep 2017 10:14:01 +0000 (UTC)
User-Agent: Gnus/5.130016 (Ma Gnus v0.16) Emacs/25.2.50 (darwin)
Cc: Glenn Morris <rgm@gnu.org>, Eli Zaretskii <eliz@gnu.org>,
	emacs-devel@gnu.org
To: Sven Joachim <svenjoac@gmx.de>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Sep 06 12:13:56 2017
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1dpXLE-0008U0-70
	for ged-emacs-devel@m.gmane.org; Wed, 06 Sep 2017 12:13:52 +0200
Original-Received: from localhost ([::1]:35252 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1dpXLK-00067D-TW
	for ged-emacs-devel@m.gmane.org; Wed, 06 Sep 2017 06:13:58 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:54959)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jwiegley@gmail.com>) id 1dpXLC-000671-GB
	for emacs-devel@gnu.org; Wed, 06 Sep 2017 06:13:51 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jwiegley@gmail.com>) id 1dpXLB-0000ng-Mb
	for emacs-devel@gnu.org; Wed, 06 Sep 2017 06:13:50 -0400
Original-Received: from mail-wm0-x235.google.com ([2a00:1450:400c:c09::235]:35421)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <jwiegley@gmail.com>)
	id 1dpXL7-0000lV-Vv; Wed, 06 Sep 2017 06:13:46 -0400
Original-Received: by mail-wm0-x235.google.com with SMTP id f199so7589831wme.0;
	Wed, 06 Sep 2017 03:13:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:in-reply-to:date:message-id:references
	:user-agent:mail-followup-to:mime-version;
	bh=d23moyJnc97QqayVdxjcui5L/S/uxa8vd/0NavsRPiA=;
	b=NGWnpPonIwKhlspgyun5HHbDpkuhfeCF+MjmO12dXHka2db7wDnW/ilz7EHPlEffnh
	pLy6+sLfvv7Pe1mjXGcif/NZSSRV7oCB6Z0l3CPMpGKQcx2jQAEu1jXJ7evCnXrsHMgh
	5dqk5vZ1+Qg3slCfimvxBRXR518/HcJAfmF3nO/C59kMm+yQzbTbm+Fkfm7m93Olseai
	tMIbj3Ako1VgB/YXjFZT0SEc4XA7zOsSmFJqdEH2gHP6c9nKHL/66re7Htl9GTL1GgDJ
	DgIIXoYGheSXRXgwtzs3AEl/+rJrDQgy2r95e/eetWpfXlKGkwBbhgMiIqLO5TpS3GEi
	S9sA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:in-reply-to:date:message-id
	:references:user-agent:mail-followup-to:mime-version;
	bh=d23moyJnc97QqayVdxjcui5L/S/uxa8vd/0NavsRPiA=;
	b=dtiYDvtTKHHV5NOOzsOS7Vn1lMtL9miMmRkIZ3jciutDMK9v29xVhiky0DHSagv4dH
	RRV5NgBvjV+7M4sWpOzayaEZFpQGTYyDm7mKJ7CL8jhIkjyOkCjGKnDAhNSjsCnwuXyn
	6fq+wM4C03Cb2FularfbESx/MOuCwCh66OCs5A8D+7s/xER9UziqSeVCsJeOEZjUVC8e
	BGlf8wkHdepEqts9Uhoca4jIePj5V+IAaUcsOjteFNUohPoA0ZMxFDUEFzMljMFi3cBS
	bZsUDHobjM4y86JGrDN8u3JQzP1hQ8MQo2u+3YuURapl357s7GhQy/lsbL5OPdWerFpZ
	rD9Q==
X-Gm-Message-State: AHPjjUhvC7yejqC7PCyCz8/gh5aeupfcS+wxQ2GMOGvc5NukLMIsEeeo
	yFtTQ19NYoOALg==
X-Google-Smtp-Source: ADKCNb6ZckomH9y3AqJiCzxtYfdc/xgwBkO9dXbIrTVAvai/csG88neuJJdoELBFCxlaHMBz/IbShA==
X-Received: by 10.28.111.73 with SMTP id k70mr1194527wmc.84.1504692824740;
	Wed, 06 Sep 2017 03:13:44 -0700 (PDT)
Original-Received: from Hermes.local (client-7-191.visitor-network.oxuni.org.uk.
	[192.76.7.191])
	by smtp.gmail.com with ESMTPSA id 32sm2288221wrs.19.2017.09.06.03.13.43
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 06 Sep 2017 03:13:43 -0700 (PDT)
X-Google-Original-From: "John Wiegley" <johnw@gnu.org>
Original-Received: by Hermes.local (Postfix, from userid 501)
	id 482292F01868; Wed,  6 Sep 2017 11:13:43 +0100 (BST)
In-Reply-To: <873780i1tl.fsf@turtle.gmx.de> (Sven Joachim's message of "Wed,
	06 Sep 2017 12:00:38 +0200")
Mail-Followup-To: Sven Joachim <svenjoac@gmx.de>, emacs-devel@gnu.org, Glenn
	Morris <rgm@gnu.org>, Eli Zaretskii <eliz@gnu.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:400c:c09::235
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:217964
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/217964>

>>>>> "SJ" == Sven Joachim <svenjoac@gmx.de> writes:

SJ> Well, #28350 looks pretty awful considering that the code execution
SJ> happens when you visit a mail attachment, for instance. Has anyone
SJ> requested a CVE for this yet, BTW?

I'm not aware of a CVE, but the reporter has said he'll be committing a fix
shortly.

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2