From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Stefan Kangas Newsgroups: gmane.emacs.bugs Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability Date: Sat, 26 Nov 2022 05:03:02 -0800 Message-ID: References: <837czkw7sl.fsf@gnu.org> <8335a8w643.fsf@gnu.org> <83fse7ut10.fsf@gnu.org> <83cz9at42n.fsf@gnu.org> <835yf1ucgp.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="38909"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 59544@debbugs.gnu.org To: Eli Zaretskii , lux Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Nov 26 14:04:37 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oyurE-0009sz-OC for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 26 Nov 2022 14:04:36 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oyuql-0006sQ-Rn; Sat, 26 Nov 2022 08:04:07 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oyuqg-0006rn-FJ for bug-gnu-emacs@gnu.org; Sat, 26 Nov 2022 08:04:02 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oyuqg-0007aD-6R for bug-gnu-emacs@gnu.org; Sat, 26 Nov 2022 08:04:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oyuqg-00070M-1f for bug-gnu-emacs@gnu.org; Sat, 26 Nov 2022 08:04:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Kangas Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 26 Nov 2022 13:04:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 59544 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security patch Original-Received: via spool by 59544-submit@debbugs.gnu.org id=B59544.166946779426852 (code B ref 59544); Sat, 26 Nov 2022 13:04:02 +0000 Original-Received: (at 59544) by debbugs.gnu.org; 26 Nov 2022 13:03:14 +0000 Original-Received: from localhost ([127.0.0.1]:38145 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oyupt-0006z1-Jp for submit@debbugs.gnu.org; Sat, 26 Nov 2022 08:03:13 -0500 Original-Received: from mail-oo1-f49.google.com ([209.85.161.49]:37649) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oyupo-0006yg-Hb for 59544@debbugs.gnu.org; Sat, 26 Nov 2022 08:03:10 -0500 Original-Received: by mail-oo1-f49.google.com with SMTP id e11-20020a4ab14b000000b0049be568062bso1015859ooo.4 for <59544@debbugs.gnu.org>; Sat, 26 Nov 2022 05:03:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:from:to:cc:subject:date:message-id:reply-to; bh=oEOOjlUlv52377x32pp7yt+zfYwWb2obpM/ucSJ9Kgk=; b=CAsqI+NnjJytPLARmoDNUd24T5WaDvFf+c8pEUggtP4v6kwzagqTT6z2NWfhm7kxD3 TxvvmTx2zF5fXhjwVhsyBDxdsantj0Zhj4KG7llu2cymagnHOZPGTEaEFRBJT+dr34S6 78g2pXTcg3sUHD/FLI2c/biRrcJd79kxxaWv5NCXp5Q8J4jIc6hZOLVXrre3iEFucbcy 4iJE0BxWYchK63jFSxQOK5ZWHWb+3ZaKJrWkYKerul84fToV5cSj3tZPDR+8QAL5UvKj 0cGGL0FyrtMlbnIXr9Ki8//MjEeAMShQ4QbvOUUCnkiQPYM5aQl4s9sQwpxm7mWz1XfJ Yjvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=oEOOjlUlv52377x32pp7yt+zfYwWb2obpM/ucSJ9Kgk=; b=e/nVWBooQfZL/x9XIX+SH2oNZjsCUaBHKJBkG+pzs31Xq79NhWr9GD167tNWKwV7S9 VBpOSJ5FzoZ/2a/jW3KE84j1a7PyV6HHzQnM7gZxa/a4WzhinmvnRE1zCo17dvHQOwa3 1hYwsvcsUiO4olD/VSOXR+IAlDptd8PN92GaC7cACm/qui22yrVbf2lDwWjmRFdNipEh chHGouVCKGpAjqAJMljzs8eKqV5i8tbrLrh95PR4zKn5l3DGzHmGq+lB86Fy61M17S+4 ReDfVXj/UimqbAJ4k+Ch3UlqH63nu0h9/qQUOKMPP+FCy/oUvu27zrIeAbHdfDVmCypr l30g== X-Gm-Message-State: ANoB5plhmejFyUb3gcVIMbS1JH5UdGWd/57kbY3o44bVW0qxvvTz6pga ucesaft+DT0YAT+dzBS1fdeS1RUekGmBJlWKQr4= X-Google-Smtp-Source: AA0mqf6pWsZ02ZqnsEOpSRJijXc79PvVs2qz7bbh2e23/tu0ShsT3z8WzcWPAxViSy897xTLIsrpXhg27Wz4meWlR3c= X-Received: by 2002:a4a:54c1:0:b0:49f:d54c:9bcd with SMTP id t184-20020a4a54c1000000b0049fd54c9bcdmr14684476ooa.5.1669467782853; Sat, 26 Nov 2022 05:03:02 -0800 (PST) Original-Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Sat, 26 Nov 2022 05:03:02 -0800 In-Reply-To: <835yf1ucgp.fsf@gnu.org> X-Hashcash: 1:20:221126:lx@shellcodes.org::dDUn8CXpftMmUtmW:3Ymk X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:249082 Archived-At: Eli Zaretskii writes: > Fixing it will not magically remove the problem from all the Emacs > installations out there, will it? It will only help to people who track the > master branch and rebuild Emacs very frequently on top of that. Distributions often cherry-pick such patches and release security updates for their stable distributions.