From: charles@aurox.ch (Charles A. Roelli)
Newsgroups: gmane.emacs.help
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sat, 23 Sep 2017 12:05:47 +0200
To: Mario Castelán Castro
Cc: help-gnu-emacs@gnu.org
In-reply-to: <1b3bec6e-d4d5-37a7-ba54-49bd2d8281bd@yandex.com> (message from Mario Castelán Castro on Fri, 22 Sep 2017 15:12:01 -0500)

The code that caused CVE-2017-14482 (aka Bug#28350) was 100% correct.
It was also far too powerful, so its behavior had to be properly limited. There is no way to find such a "bug" without reading the code and trying to understand its use.