From: Óscar Fuentes
Newsgroups: gmane.emacs.help
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sat, 23 Sep 2017 14:53:36 +0200
Message-ID: <87377dtw33.fsf@qcore>
To: help-gnu-emacs@gnu.org

charles@aurox.ch (Charles A. Roelli) writes:

> The code that caused CVE-2017-14482 (aka Bug#28350) was 100% correct.
> It was also far too powerful, so its behavior had to be properly
> limited.

The two sentences above are contradictory.

> There is no way to find such a "bug" without reading the
> code and trying to understand its use.

Maybe, in the Elisp case, this is true, but not in the general case.