Re: enriched.el code execution

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: enriched.el code execution

From:	Reiner Steib
Subject:	Re: enriched.el code execution
Date:	Thu, 07 Sep 2017 22:47:08 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On Wed, Sep 06 2017, Paul Eggert wrote:

> This particular bug involved remote code execution by visiting an
> email attachment. Any security hole this serious should be
> blocking. It doesn't matter that the bug has been around for a while,
> as the bug is known now and is likely to be exploited by anyone who
> cares to attack Emacs users. I'm surprised that there was controversy
> about this case, as the bug really should be fixed as soon as we
> reasonably can, or in any event before the next release.

If I understand correctly, this issue is serious enough (CVSS is 8.8,
Common Vulnerability Scoring System, v3.0) that we should prepare a
security fix release (from Emacs 25.2) as soon as we have a fix for
this bug (or we should disable this feature of enriched mode).

Bye, Reiner.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: release bugs [was Re: Processed: enriched.el code execution], (continued)

Prev by Date: Re: Suspicious warning in W64 build
Next by Date: Re: [Emacs-diffs] master da3e101: ; Try not to affect match data
Previous by thread: Re: release bugs [was Re: Processed: enriched.el code execution]
Next by thread: Re: enriched.el code execution
Index(es):
- Date
- Thread