bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28350: enriched.el code execution

From: Paul Eggert
Subject: bug#28350: enriched.el code execution
Date: Sat, 9 Sep 2017 15:43:30 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
Thanks for reporting this bug. Since it is a serious security hole I have installed a patch by Lars Ingebrigtsen that temporarily disables the problematic translations, and that also changes Gnus to not call enriched-decode. For the emacs-25 branch the patch is here: 

https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70

and for the master branch the patch is here:

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=19584f13b1e2e4a778602a8302619ef5c675e68b
As this patch is merely a workaround to close the security hole, I am not marking the underlying bug as fixed. 

Thank you for reporting the problem.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]