Re: [ANNOUNCE] Emacs 25.3 released

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ANNOUNCE] Emacs 25.3 released

From:	Phillip Lord
Subject:	Re: [ANNOUNCE] Emacs 25.3 released
Date:	Tue, 12 Sep 2017 17:46:39 -0000
User-agent:	SquirrelMail/1.5.2 [SVN]

On Tue, September 12, 2017 4:06 pm, Roland Winkler wrote:
> On Mon, Sep 11 2017, Nicolas Petton wrote:
>
>> This vulnerability was introduced in Emacs 19.29.  To work around that
>> in Emacs versions before 25.3, append the following to your ~/.emacs init
>> file:
>>
>>
>> (eval-after-load "enriched"
>> '(defun enriched-decode-display-prop (start end &optional param)
>> (list start end)))
>>
>
> Many users may have the problem that they cannot upgrade immediately to
> 25.3.  Is it fair to say that putting the above lines of code in
> ~/.emacs fully protects the user from the vulnerability?  If yes, we may
> want to advertise these lines of code more broadly.  Or do the above lines
> of code provide only an incomplete fix?  Then, what can users do instead
> when they still have to use older versions of emacs?



What do we not put a "vulnerability" package onto ELPA, then install this
by default. This way, new emacs releases would provide an automatic
mechanism for fixing vulnerabilities. And, for old emacs, the advice would
be "M-x package-install vulnerability".

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [ANNOUNCE] Emacs 25.3 released, (continued)
- Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released, Clément Pit-Claudel, 2017/09/12

Prev by Date: Re: [ANNOUNCE] Emacs 25.3 released
Next by Date: Re: Suspicious warning in W64 build
Previous by thread: Re: [ANNOUNCE] Emacs 25.3 released
Next by thread: Re: [ANNOUNCE] Emacs 25.3 released
Index(es):
- Date
- Thread