Re: [ANNOUNCE] Emacs 25.3 released

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ANNOUNCE] Emacs 25.3 released

From:	Eli Zaretskii
Subject:	Re: [ANNOUNCE] Emacs 25.3 released
Date:	Tue, 12 Sep 2017 19:42:45 +0300

> From: Roland Winkler <address@hidden>
> Date: Tue, 12 Sep 2017 11:06:14 -0500
> 
> >   (eval-after-load "enriched"
> >     '(defun enriched-decode-display-prop (start end &optional param)
> >        (list start end)))
> 
> Many users may have the problem that they cannot upgrade immediately to
> 25.3.  Is it fair to say that putting the above lines of code in
> ~/.emacs fully protects the user from the vulnerability?

Yes, it does.

> If yes, we may want to advertise these lines of code more broadly.

Please feel free to do that.

> Or do the above lines of code provide only an incomplete fix?

It's a complete fix, in the sense that it completely removes the
vulnerability, by disabling processing of 'display' properties in
Enriched text.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [ANNOUNCE] Emacs 25.3 released, (continued)

Prev by Date: Re: [ANNOUNCE] Emacs 25.3 released
Next by Date: Re: [ANNOUNCE] Emacs 25.3 released
Previous by thread: Re: [ANNOUNCE] Emacs 25.3 released
Next by thread: Re: [ANNOUNCE] Emacs 25.3 released
Index(es):
- Date
- Thread