|
| From: | Paul Eggert |
| Subject: | Re: release bugs [was Re: Processed: enriched.el code execution] |
| Date: | Wed, 6 Sep 2017 23:30:15 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Eli Zaretskii wrote:
Or maybe we could discuss the criteria for blocking bugs, and if agreed, no further discussions would be necessary.
This particular bug involved remote code execution by visiting an email attachment. Any security hole this serious should be blocking. It doesn't matter that the bug has been around for a while, as the bug is known now and is likely to be exploited by anyone who cares to attack Emacs users. I'm surprised that there was controversy about this case, as the bug really should be fixed as soon as we reasonably can, or in any event before the next release.
| [Prev in Thread] | Current Thread | [Next in Thread] |