From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Robert Pluim <rpluim@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 18:17:24 +0200
Message-ID: <87mt2w7x7v.fsf@gmail.com>
References: <40-63e3c600-3-2d802d00@111202636>
 <01070187b503303f-1657dcaa-4f53-47da-9679-2f68a682d447-000000@eu-central-1.amazonses.com>
 <bcb96279c47143f403f588dc3f020725029137bd.camel@josefsson.org>
 <01070187b52a3165-eeb31a4e-fba7-4290-850a-c73ab11eb43f-000000@eu-central-1.amazonses.com>
 <83mt2wwi0y.fsf@gnu.org> <87v8hkctlc.fsf@yahoo.com>
 <83fs8owg3r.fsf@gnu.org> <87r0s8cq6c.fsf@yahoo.com>
 <83a5ywwcow.fsf@gnu.org> <87mt2wcjtf.fsf@yahoo.com>
 <834jp4w57b.fsf@gnu.org> <87edo8cflg.fsf@yahoo.com>
 <83zg6wuo0u.fsf@gnu.org> <875y9kce3f.fsf@yahoo.com>
 <83wn20un4u.fsf@gnu.org> <87wn20ayn7.fsf@yahoo.com>
 <tencent_1BD66AD86AA4EFECE403C37D82A138956609@qq.com>
 <83o7ncuf10.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="13894"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: luangruo@yahoo.com, lux <lx@shellcodes.org>, fuo@fuo.fi,
 63063@debbugs.gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Apr 25 18:18:34 2023
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1prLNC-0003Pe-Mk
	for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 25 Apr 2023 18:18:34 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1prLN0-0002QT-9r; Tue, 25 Apr 2023 12:18:22 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1prLMg-0002H4-Ki
 for bug-gnu-emacs@gnu.org; Tue, 25 Apr 2023 12:18:06 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1prLMg-0004mr-Ci
 for bug-gnu-emacs@gnu.org; Tue, 25 Apr 2023 12:18:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1prLMf-0003UR-Of
 for bug-gnu-emacs@gnu.org; Tue, 25 Apr 2023 12:18:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Robert Pluim <rpluim@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 25 Apr 2023 16:18:01 +0000
Resent-Message-ID: <handler.63063.B63063.168243945813383@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 63063
X-GNU-PR-Package: emacs
Original-Received: via spool by 63063-submit@debbugs.gnu.org id=B63063.168243945813383
 (code B ref 63063); Tue, 25 Apr 2023 16:18:01 +0000
Original-Received: (at 63063) by debbugs.gnu.org; 25 Apr 2023 16:17:38 +0000
Original-Received: from localhost ([127.0.0.1]:53429 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1prLMI-0003Tn-Gu
 for submit@debbugs.gnu.org; Tue, 25 Apr 2023 12:17:38 -0400
Original-Received: from mail-wr1-f44.google.com ([209.85.221.44]:57693)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rpluim@gmail.com>) id 1prLME-0003TY-Fj
 for 63063@debbugs.gnu.org; Tue, 25 Apr 2023 12:17:37 -0400
Original-Received: by mail-wr1-f44.google.com with SMTP id
 ffacd0b85a97d-2fa0ce30ac2so5417964f8f.3
 for <63063@debbugs.gnu.org>; Tue, 25 Apr 2023 09:17:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1682439448; x=1685031448;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=Kaq0Bu3cfIYG+8m2kXriWwazrCtveXdD4PXXRyFjUFk=;
 b=gcEzrnm82Wm4l9mVYLm0ZXJftGTDpy4iSapcdJYXrHTDbFpnwGXbRau44G8mi8W3Dl
 Ven6YvubcWueefhtUupbilj9q4OLF+L8Eok2G4I8mmhLps96RYoQp1z8swL9JNNbnSzO
 5KI/wQxVj4hsvZNm/NXCfvJXj93CL8SobDqwYD9nsdc0dwwfwJD3eKYjLLhazuxvTnf7
 f0mXIH/qp0d/5jgtlpKarpuDvOkOi83t9ffnXhX5OLz4CytTmQ3rCdelv3ddGJifm8Wn
 8WBsH1I0fS9ZY0LPUcGOCNjdC8zVogqcsnTjHivW8AiPMWAnI+PRMcTQyqA0X+f2BXBX
 BgJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1682439448; x=1685031448;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=Kaq0Bu3cfIYG+8m2kXriWwazrCtveXdD4PXXRyFjUFk=;
 b=bccYz+BCJ4ZzTDx5F318uOQWaGcHQBgL1la2i9HCepcbHMdliAo52qza1EjVXsCDch
 Pz8JioF7CGpSPLcd6ha5dgy9dZrbEAghNxlhuR1N95cMIQXuLnjg6Y1F4KfBtwLW184y
 E/8cG3iDCPPFy9A81lU716PwFFibPEt46gyD6gaHglmtNqtSzreU7hSS3x1lvapKs7Z4
 ZTOe28x4NI1XvFqKScBsIFvX0ErnRR2RMRHtq4ecfIpEUkzJC2T7hmvTGtiaddNPxIpk
 JcyvrTtMZoEuBUtfFQ5240h1cAXla3dGsTNKOuAc9rQWvQ4jbQjFhocilC5H4vGni9pI
 zv/w==
X-Gm-Message-State: AAQBX9dYtA+G5PXJ0MxTp9qF9Emak4sjJD6+SILx5pIjGoeUOBcvsInC
 ODERerBFVPPvUfffWBxqWww=
X-Google-Smtp-Source: AKy350Y7FL3x8Xt9/Nk2pRC5E7skxMt3HK+KNp1CVjLXFD27YsIcjNMUjY4Sr3uldmA3YyrZwaZKSg==
X-Received: by 2002:a05:6000:1084:b0:2ff:613c:af5f with SMTP id
 y4-20020a056000108400b002ff613caf5fmr11658063wrw.30.1682439448143; 
 Tue, 25 Apr 2023 09:17:28 -0700 (PDT)
Original-Received: from rltb ([82.66.8.55]) by smtp.gmail.com with ESMTPSA id
 z14-20020a5d4d0e000000b002efb4f2d240sm13441681wrt.87.2023.04.25.09.17.26
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 25 Apr 2023 09:17:27 -0700 (PDT)
In-Reply-To: <83o7ncuf10.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 25 Apr
 2023 19:01:47 +0300")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:260628
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/260628>

>>>>> On Tue, 25 Apr 2023 19:01:47 +0300, Eli Zaretskii <eliz@gnu.org> said:

    >> From: lux <lx@shellcodes.org>
    >> Cc: 63063@debbugs.gnu.org, fuo@fuo.fi
    >> Date: Tue, 25 Apr 2023 23:54:33 +0800
    >>=20
    >> I think if the reported CVEs are real and valid, they should be taken
    >> seriously.

    Eli> I agree, but in this case all I see is a convoluted way of having
    Eli> Emacs crash.  That's not a security problem in my book.

"It=CA=BCs a denial of service attack. You MUST fix it. Where=CA=BCs my fee=
?"

(sorry, I too deal with this kind of stuff far too often).

Robert
--=20