From: Chong Yidong
Newsgroups: gmane.emacs.devel
Subject: Security advisory?
Date: Fri, 22 Jun 2007 16:25:45 -0400
Message-ID: <87fy4j7n3q.fsf@stupidchicken.com>
To: emacs-devel@gnu.org

I notice that Mandriva has announced a security advisory for Emacs 21.4, because "a vulnerability in emacs was discovered where it would crash when processing certain types of images." This bug is being filed as a DoS (denial of service) vulnerability:

http://www.securityfocus.com/archive/1/471992/30/0/threaded

Does anyone know what the heck this is about?

Over the course of the Emacs 22 release cycle, we have accumulated literally hundreds of ways to crash Emacs 21.4, some more esoteric than others. These are fixed in Emacs 22, not Emacs 21, so if anyone wanted to, he or she could go through the emacs-devel archives for the last couple of years, locate these crasher bugs, and file hundreds of these "security advisories". So it seems peculiar for this vendor to single out one particular bug.

IMO, calling a bug that causes Emacs to crash a "denial of service vulnerability" is little more than a silly example of computer-security imperialism.