From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Emanuel Berg Newsgroups: gmane.emacs.help Subject: Re: CVE-2017-14482 - Red Hat Customer Portal Date: Fri, 22 Sep 2017 09:48:40 +0200 Message-ID: <861smzcgx3.fsf@zoho.com> References: <2e991bb7-c570-49ce-be94-3654945bb4b5@mousecar.com> <87d16jxjz6.fsf@eps142.cdf.udc.es> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1506067961 24006 195.159.176.226 (22 Sep 2017 08:12:41 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 22 Sep 2017 08:12:41 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Fri Sep 22 10:12:37 2017 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dvJ4d-00060c-PZ for geh-help-gnu-emacs@m.gmane.org; Fri, 22 Sep 2017 10:12:35 +0200 Original-Received: from localhost ([::1]:57238 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dvJ4l-0003TB-1m for geh-help-gnu-emacs@m.gmane.org; Fri, 22 Sep 2017 04:12:43 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:38440) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dvIhm-0000uP-H0 for help-gnu-emacs@gnu.org; Fri, 22 Sep 2017 03:48:59 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dvIhh-0001Sd-Mw for help-gnu-emacs@gnu.org; Fri, 22 Sep 2017 03:48:58 -0400 Original-Received: from [195.159.176.226] (port=50178 helo=blaine.gmane.org) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dvIhh-0001SF-FR for help-gnu-emacs@gnu.org; Fri, 22 Sep 2017 03:48:53 -0400 Original-Received: from list by blaine.gmane.org with local (Exim 4.84_2) (envelope-from ) id 1dvIhU-00075q-Ot for help-gnu-emacs@gnu.org; Fri, 22 Sep 2017 09:48:40 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: help-gnu-emacs@gnu.org Original-Lines: 28 Original-X-Complaints-To: usenet@blaine.gmane.org Mail-Copies-To: never Cancel-Lock: sha1:ugGenMhA3fDagf8BIROeBlHUukI= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 195.159.176.226 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.org gmane.emacs.help:114345 Archived-At: Alberto Luaces wrote: >> Many people, including myself, have systems >> with package managers... which have >> dependencies... all of which make upgrading >> outside of package management unfeasible. > > The workaround doesn't require installing nor > upgrading nothing. Yes it does - it requires installing the workaround :) Obviously the corrected version in the repositories is ideal. It would be interesting to see the original code that created this vulnerability. I mean, so you know what *not* to write... ehem. Also, it would be interesting to learn how it was discovered. Wait, don't tell me! It was an antivirus program, right? That program would sure be interesting to see as well ;) -- underground experts united http://user.it.uu.se/~embe8573