[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ANNOUNCE] Emacs 25.3 released
From: |
Eli Zaretskii |
Subject: |
Re: [ANNOUNCE] Emacs 25.3 released |
Date: |
Tue, 12 Sep 2017 19:42:45 +0300 |
> From: Roland Winkler <address@hidden>
> Date: Tue, 12 Sep 2017 11:06:14 -0500
>
> > (eval-after-load "enriched"
> > '(defun enriched-decode-display-prop (start end &optional param)
> > (list start end)))
>
> Many users may have the problem that they cannot upgrade immediately to
> 25.3. Is it fair to say that putting the above lines of code in
> ~/.emacs fully protects the user from the vulnerability?
Yes, it does.
> If yes, we may want to advertise these lines of code more broadly.
Please feel free to do that.
> Or do the above lines of code provide only an incomplete fix?
It's a complete fix, in the sense that it completely removes the
vulnerability, by disabling processing of 'display' properties in
Enriched text.
- Re: [ANNOUNCE] Emacs 25.3 released, (continued)
- Re: [ANNOUNCE] Emacs 25.3 released, Richard Stallman, 2017/09/13
- Re: [ANNOUNCE] Emacs 25.3 released, Ulrich Mueller, 2017/09/13
- Re: [ANNOUNCE] Emacs 25.3 released, Richard Stallman, 2017/09/13
- Re: [ANNOUNCE] Emacs 25.3 released, Ulrich Mueller, 2017/09/14
- Re: Emacs 25.3 released, Etienne Prud’homme, 2017/09/14
- Re: Emacs 25.3 released, Nicolas Petton, 2017/09/14
- Re: [ANNOUNCE] Emacs 25.3 released, Richard Stallman, 2017/09/14
Re: [ANNOUNCE] Emacs 25.3 released,
Eli Zaretskii <=
Re: [ANNOUNCE] Emacs 25.3 released, Phillip Lord, 2017/09/12
- Re: [ANNOUNCE] Emacs 25.3 released, Stefan Monnier, 2017/09/12
- security-patches package (was: [ANNOUNCE] Emacs 25.3 released), Ted Zlatanov, 2017/09/14
- Re: security-patches package, Stefan Monnier, 2017/09/15
- Re: security-patches package, Ted Zlatanov, 2017/09/16
- Re: security-patches package, Phillip Lord, 2017/09/21
- Re: security-patches package, Stefan Monnier, 2017/09/21
- Message not available
- Re: security-patches package, Phillip Lord, 2017/09/25
Re: security-patches package, Ted Zlatanov, 2017/09/22
Re: security-patches package, Stephen Leake, 2017/09/23