bug#28350: enriched.el code execution
From: Eli Zaretskii
Subject: bug#28350: enriched.el code execution
Date: Sat, 16 Sep 2017 12:48:58 +0300
> Date: Mon, 11 Sep 2017 22:07:26 +0300
> From: Eli Zaretskii <eliz@gnu.org>
> Cc: larsi@gnus.org, eggert@cs.ucla.edu, 28350@debbugs.gnu.org
>
> > Date: Mon, 11 Sep 2017 20:44:19 +0200
> > From: charles@aurox.ch (Charles A. Roelli)
> > CC: eggert@cs.ucla.edu, larsi@gnus.org, 28350@debbugs.gnu.org
> >
> > > Here's the idea: we introduce a new form of a display property:
> > >
> > > ('disable-eval SPEC)
> > >
> > > where SPEC is anything supported in a display property.
> >
> > Thanks for suggesting this; it's much cleaner than sanitizing the
> > display specification from Lisp. Looks good to me.
>
> Thanks, I will wait for a few days before pushing.
Done.

Lars, I re-enabled support for enriched text in Gnus, as the
vulnerability is now removed. Feel free to disable it again, if you
don't want Gnus users to be able to display enriched text, ever.

I'm marking the bug done.