From: Philippe Vaucher
Newsgroups: gmane.emacs.devel
Subject: Re: [ANNOUNCE] Emacs 25.3 released
Date: Tue, 12 Sep 2017 18:05:29 +0200
References: <87wp55t0un.fsf@petton.fr>
To: Nicolas Petton
Cc: Emacs Devel

> This vulnerability was introduced in Emacs 19.29.  To work around that
> in Emacs versions before 25.3, append the following to your ~/.emacs
> init file:

Does a vulnerability that has been there since that long really deserve such a rushed release?

I mean, you could have gone through the classic release procedure with tags/branches etc and maybe delay the release for 2-3 days. Would it really have changed something in that case?

I don't understand why this particular security issue was treated that dramatically, but maybe I'm missing something.

Philippe