From: lux <lx@shellcodes.org>
To: Stefan Kangas <stefankangas@gmail.com>, emacs-devel@gnu.org
Cc: Troy Hinckley <comms@dabrev.com>
Subject: Re: Help testing emacs-28.3-rc1.tar.gz on MS-Windows
Date: Mon, 20 Feb 2023 00:04:09 +0800 [thread overview]
Message-ID: <tencent_ECA126ADC6FB6E4AFE22FC259885136FA605@qq.com> (raw)
In-Reply-To: <CADwFkmnaV4ddHn+nYHsbrgXd9o31izXyG1pOv5Rk9+H5nK83BQ@mail.gmail.com>
On Sun, 2023-02-19 at 04:34 -0800, Stefan Kangas wrote:
> lux <lx@shellcodes.org> writes:
>
> > Stefan, this is a new vulnerability found in orgmode, which also
> > exists
> > in the built-in orgmode of Emacs 28. Does it need to be fixed
> > together
> > in 28.3?
> >
> > https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A@qq.com/T/#t
>
> Thanks for continuing to work on improving Emacs' security.
>
> I don't want to delay Emacs 28.3 any more, and I'm ready to release
> it
> now. Perhaps it's fine to wait with this fix until Emacs 29.1,
> especially seeing that Org Mode can release a new fixed version
> through
> GNU ELPA immediately, and distributions can pick it up from there.
> Furthermore, the Emacs 29 pretest will start any day now.
>
> But I'd like to hear what others think. Is it important to include
> this
> fix in Emacs 28.3?
>
I reviewed the code of Org Mode, found some new security problems, if
fix these code, may affect the release 23.8, so recommended Org Mode
team to release a new version after.
next prev parent reply other threads:[~2023-02-19 16:04 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-19 10:51 Help testing emacs-28.3-rc1.tar.gz on MS-Windows Stefan Kangas
2023-02-19 12:05 ` lux
2023-02-19 12:34 ` Stefan Kangas
2023-02-19 16:04 ` lux [this message]
2023-02-19 12:20 ` Eli Zaretskii
2023-02-19 12:34 ` Stefan Kangas
2023-02-19 12:39 ` lux
2023-02-19 13:05 ` Stefan Kangas
2023-02-19 13:49 ` N. Jackson
2023-02-19 14:06 ` Stefan Kangas
2023-02-19 15:00 ` Eli Zaretskii
2023-02-19 17:11 ` Stefan Kangas
2023-03-03 6:00 ` Yuan Fu
2023-03-03 7:57 ` Eli Zaretskii
2023-03-05 4:05 ` Richard Stallman
2023-08-19 18:14 ` Eli Zaretskii
2023-08-22 1:06 ` Richard Stallman
2023-08-22 11:40 ` Eli Zaretskii
2023-08-23 2:14 ` Richard Stallman
2023-02-19 15:31 ` Ulrich Mueller
2023-02-19 15:34 ` Eli Zaretskii
2023-02-19 15:05 ` Ulrich Mueller
2023-02-19 16:29 ` Stefan Kangas
2023-03-02 18:52 ` Troy Hinckley
2023-02-19 15:59 ` Óscar Fuentes
2023-02-19 19:05 ` Óscar Fuentes
2023-03-06 19:40 ` H. Dieter Wilhelm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tencent_ECA126ADC6FB6E4AFE22FC259885136FA605@qq.com \
--to=lx@shellcodes.org \
--cc=comms@dabrev.com \
--cc=emacs-devel@gnu.org \
--cc=stefankangas@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).