From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: "Roland Winkler" Newsgroups: gmane.emacs.devel Subject: Re: [ANNOUNCE] Emacs 25.3 released Date: Tue, 12 Sep 2017 11:54:39 -0500 Message-ID: <4431.25452.741228.22968@gargle.gargle.HOWL> References: <87wp55t0un.fsf@petton.fr> <87tw07kikp.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Trace: blaine.gmane.org 1505235601 1161 195.159.176.226 (12 Sep 2017 17:00:01 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Tue, 12 Sep 2017 17:00:01 +0000 (UTC) Cc: emacs-devel@gnu.org To: Paul Eggert Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Sep 12 18:59:53 2017 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1droX2-0007LQ-SK for ged-emacs-devel@m.gmane.org; Tue, 12 Sep 2017 18:59:29 +0200 Original-Received: from localhost ([::1]:37651 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1droXA-0000ty-5D for ged-emacs-devel@m.gmane.org; Tue, 12 Sep 2017 12:59:36 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36497) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1droSR-0005r4-Kx for emacs-devel@gnu.org; Tue, 12 Sep 2017 12:54:44 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1droSP-0001ut-1w for emacs-devel@gnu.org; Tue, 12 Sep 2017 12:54:43 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:40586) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1droSO-0001uh-Ti; Tue, 12 Sep 2017 12:54:40 -0400 Original-Received: from lukas.physics.niu.edu ([131.156.224.124]:49498 helo=lukas) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1droSO-0006Eh-Gq; Tue, 12 Sep 2017 12:54:40 -0400 In-Reply-To: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:218137 Archived-At: On Tue Sep 12 2017 Paul Eggert wrote: > On 09/12/2017 09:06 AM, Roland Winkler wrote: > > Is it fair to say that putting the above lines of code in > > ~/.emacs fully protects the user from the vulnerability? > > Yes, if they avoid options like -Q that bypass ~/.emacs. > > > If yes, we may > > want to advertise these lines of code more broadly. > > What do you suggest? We sent email to info-gnu. It's been publicized on > Reddit, OpenNET (in Russian), Linux-Magazin (in German), and so forth. I see, thanks. I only knew about Nico's post here on emacs-devel. I do not check the sources you mentioned. I expect that (soon) http://www.gnu.org/software/emacs/ gets updated, too. So far, it only advertises emacs 25.2.