[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: enriched.el code execution
From: |
Reiner Steib |
Subject: |
Re: enriched.el code execution |
Date: |
Thu, 07 Sep 2017 22:47:08 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
On Wed, Sep 06 2017, Paul Eggert wrote:
> This particular bug involved remote code execution by visiting an
> email attachment. Any security hole this serious should be
> blocking. It doesn't matter that the bug has been around for a while,
> as the bug is known now and is likely to be exploited by anyone who
> cares to attack Emacs users. I'm surprised that there was controversy
> about this case, as the bug really should be fixed as soon as we
> reasonably can, or in any event before the next release.
If I understand correctly, this issue is serious enough (CVSS is 8.8,
Common Vulnerability Scoring System, v3.0) that we should prepare a
security fix release (from Emacs 25.2) as soon as we have a fix for
this bug (or we should disable this feature of enriched mode).
Bye, Reiner.
- Re: release bugs [was Re: Processed: enriched.el code execution], (continued)
- Re: release bugs [was Re: Processed: enriched.el code execution], Paul Eggert, 2017/09/07
- Re: release bugs [was Re: Processed: enriched.el code execution], John Wiegley, 2017/09/07
- Re: release bugs [was Re: Processed: enriched.el code execution], Eli Zaretskii, 2017/09/07
- Re: release bugs [was Re: Processed: enriched.el code execution], Paul Eggert, 2017/09/07
- Re: release bugs [was Re: Processed: enriched.el code execution], Eli Zaretskii, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Paul Eggert, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Fabrice Popineau, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Óscar Fuentes, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Richard Stallman, 2017/09/09
- Re: release bugs [was Re: Processed: enriched.el code execution], Fabrice Popineau, 2017/09/09
- Re: enriched.el code execution,
Reiner Steib <=
- Re: enriched.el code execution, Paul Eggert, 2017/09/07