On Mon, 2023-02-13 at 22:47 +0200, Eli Zaretskii wrote:
> > Date: Mon, 13 Feb 2023 12:15:50 -0600
> > From: Troy Hinckley <comms@dabrev.com>
> > 
> > My company will not allow an install of Emacs 28 due to CVE-2022-
> > 45939. There is a patch for this in the
> > master branch, but it did not make it in time for Emacs 28.2. We
> > have many Emacs users who would like to
> > upgrade to 28. What would be the effort to back port this fix and
> > do an Emacs 28.3 release?
> 
> Unfortunately, we don't have the resources to produce another v28.x
> release.  Emacs 29.1 will start its pretest soon, and will have this
> issue resolved when it is released, hopefully in a couple of months.
> 
> Alternatively, you could ask the distro which you are using (if you
> are using a distro) to backport that patch to the Emacs 28 codebase.
> Or patch the sources yourself and build Emacs, if that is how you
> produce the binaries.
> 

Hi, I can fix the CVE-2022-45939, this is a patch.

Eli, can you merge into emacs-28 branch?