emacs-devel

Security advisory?


From: Chong Yidong
Subject: Security advisory?
Date: Fri, 22 Jun 2007 16:25:45 -0400

I notice that Mandriva has announced a security advisory for Emacs
21.4, because "a vulnerability in emacs was discovered where it would
crash when processing certain types of images."  This bug is being
filed as a DoS (denial of service) vulnerability:

http://www.securityfocus.com/archive/1/471992/30/0/threaded

Does anyone know what the heck this is about?

Over the course of the Emacs 22 release cycle, we have accumulated
literally hundreds of ways to crash Emacs 21.4, some more esoteric
than others.  These are fixed in Emacs 22, not Emacs 21, so if anyone
wanted to, he or she could go through the emacs-devel archives for the
last couple of years, locate these crasher bugs, and file hundreds of
these "security advisories".  So it seems peculiar for this vendor to
single out one particular bug.

IMO, calling a bug that causes Emacs to crash a "denial of service
vulnerability" is little more than a silly example of
computer-security imperialism.



