help-gnu-emacs

Re: CVE-2017-14482 - Red Hat Customer Portal


From: Eli Zaretskii
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sat, 23 Sep 2017 16:12:46 +0300

> From: Óscar Fuentes <ofv@wanadoo.es>
> Date: Sat, 23 Sep 2017 14:53:36 +0200
> 
> charles@aurox.ch (Charles A. Roelli) writes:
> 
> > The code that caused CVE-2017-14482 (aka Bug#28350) was 100% correct.
> > It was also far too powerful, so its behavior had to be properly
> > limited.
> 
> The two sentences above are contradictory.

Not really.  But they don't tell the whole story: the vulnerability
was actually caused by Gnus, MH-E, and perhaps other MUAs who decided
to automatically support enriched text, without checking the code
first.  Otherwise, enriched.el per se has/had no problem whatsoever.


