From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Sven Joachim <svenjoac@gmx.de>
Newsgroups: gmane.emacs.devel
Subject: Re: release bugs [was Re: Processed: enriched.el code execution]
Date: Wed, 06 Sep 2017 12:00:38 +0200
Message-ID: <873780i1tl.fsf@turtle.gmx.de>
References: <83tw0h0yem.fsf@gnu.org>
	<handler.s.C.150463767313430.transcript@debbugs.gnu.org>
	<bn1snkib3u.fsf@fencepost.gnu.org> <m2tw0gtb9d.fsf@newartisans.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1504692106 8197 195.159.176.226 (6 Sep 2017 10:01:46 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Wed, 6 Sep 2017 10:01:46 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
Cc: Glenn Morris <rgm@gnu.org>, Eli Zaretskii <eliz@gnu.org>
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Sep 06 12:01:38 2017
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1dpX8q-0000PM-DV
	for ged-emacs-devel@m.gmane.org; Wed, 06 Sep 2017 12:01:04 +0200
Original-Received: from localhost ([::1]:35222 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1dpX8x-000463-A7
	for ged-emacs-devel@m.gmane.org; Wed, 06 Sep 2017 06:01:11 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51533)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <svenjoac@gmx.de>) id 1dpX8h-000451-HT
	for emacs-devel@gnu.org; Wed, 06 Sep 2017 06:01:05 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <svenjoac@gmx.de>) id 1dpX8Y-0004RY-CV
	for emacs-devel@gnu.org; Wed, 06 Sep 2017 06:00:55 -0400
Original-Received: from mout.gmx.net ([212.227.17.20]:55828)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <svenjoac@gmx.de>)
	id 1dpX8U-0004Na-Fg; Wed, 06 Sep 2017 06:00:42 -0400
Original-Received: from localhost.localdomain ([91.19.62.57]) by mail.gmx.com (mrgmx102
	[212.227.17.168]) with ESMTPSA (Nemesis) id 0Lv8hi-1dOPZt0Ly6-010L50;
	Wed, 06 Sep 2017 12:00:39 +0200
Original-Received: by localhost.localdomain (Postfix, from userid 1000)
	id 33C3A8023E; Wed,  6 Sep 2017 12:00:38 +0200 (CEST)
In-Reply-To: <m2tw0gtb9d.fsf@newartisans.com> (John Wiegley's message of "Wed, 
	06 Sep 2017 10:41:18 +0100")
X-Provags-ID: V03:K0:uc9oHujqRSb0SvtXGCNQGHyinecUnL1AY5iIv293lVoxCtpD4vs
	ZCvaDcCZeIMbR9X10/Bvsy/SG2ztfD0+Ad9PSLR5dwWjuulUJno385LrZiIjmZoC8yFf6IP
	0vuORlS1iHzLiRs4yI1kgKZnuDCnXfwdt2x28xbvVazBhLy6lWdFbpLBqLqX3M9NV47v3nS
	F9iVoK8mN7CoEA8qNxAOQ==
X-UI-Out-Filterresults: notjunk:1;V01:K0:pLN0Hb8DM+k=:MZqbtHy/0RGYbajLHnClWc
	1Z++AnAcn6/fnuzGewpqXvfJp0yxW0Q6wIk+rXIonYMZmu7gkzmY4IG9AetIJhHh2Gup1Jv3S
	WWJ12Urtq3DEGaVHhOj5ztawqHn5OjgXxW+xLCBbqbP1O8lHP6LzE+RrYz1ZwBOqX2hljV6yK
	u/F8DcW1f60vK7b/IthvZcbiTtCg4yqpVKqt0D/5sRvbFJ5s6JGfWxjEQaM9EkDbC5p7rTkdR
	Xu6MkV5mKS/Wo+qPQQx+PS2OUlqQTyqWBhjMOuk4/YHkhCduM3wrMYJBf3BIrOXC/8JiMTRsI
	I0ekz7Y83jDCqtHPG6A6nlEqVGGXv5lpAfog8TK6qgUATNy7iLln5iC+jpxv6JzNHvM5yRIKB
	Lv4I+U34G52DXHfg8amfHS0aVqnodBhNLoRurShAVDiQMhA4RJHbBcEuiRfSonqMOA5KH7+Ld
	LLN8dv7fIua4Qq0Bvk7JrfaeiP6mKQkHwvFISwnb/Ku56PaHcnEDFdu/AVjq55IpCZLUrLcCd
	jDP1YjZ2aJiK9DO5zwGFrz5loMeP8tm9R5YR3ZBnYu+mbyofbIfL4NdEbfQ/sKOKD56vxfsfj
	5L2tXNkYyy6JpZxGvtXqHzoeZk4xL6faaX5qjbiqEhJX+3MzIDoDT3OkVCHjdfEz+ral4L3pS
	LTxiwBVJGkQHmAaoIt2X/MBPozYYgCWnZs5ZlAjF9bn+4Icl1RMceuks5h/6yPBJGpeHJG+So
	pYSGGscrnnbeyfvIBhMXoPfvk5JsX9u5q9lQ7xuiJkGSVhWQmRl7ODThwZpdGYUviRKdsJO/ 
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 212.227.17.20
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:217963
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/217963>

On 2017-09-06 10:41 +0100, John Wiegley wrote:

>>>>>> "GM" == Glenn Morris <rgm@gnu.org> writes:
>
> GM> I'm surprised that you don't want to motivate people to fix security
> GM> vulnerabilities for the next release.
>
> Which security issues do you consider particularly awful?

Well, #28350 looks pretty awful considering that the code execution
happens when you visit a mail attachment, for instance.  Has anyone
requested a CVE for this yet, BTW?

Cheers,
       Sven