bug#63063: CVE-2021-36699 report
From: Eli Zaretskii
Subject: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 10:53:09 +0300

> From: Nicolas Martyanoff <nicolas@n16f.net>
> Cc: fuomag9 <fuo@fuo.fi>, emacs-devel@gnu.org
> Date: Tue, 25 Apr 2023 09:13:34 +0200
>
> Po Lu <luangruo@yahoo.com> writes:
>
> > If you create a malformed dump file, of course Emacs cannot possibly
> > work. Here, the buffer overflow is not even a bug: signature checks are
> > already there to prevent a dump file created for a different copy of
> > Emacs from being loaded by mistake. If you deliberately create a
> > malformed dump file, Emacs does not guarantee correct operation.
>
> Is there a reason why Emacs does not validate dump files while reading
> them as any other program with any other data format? Nothing good ever
> comes from buffer overflows.
>
> > We are trying to put together two releases of a very large piece of
> > software at the same time, and really should not be wasting our time on
> > these CVE reports. It would save us a great deal of trouble if whoever
> > runs the CVE registry stopped tracking security ``issues'' with Emacs.
>
> I'm aware that most people simply do not care about security, and it is
> your right to do the same. However I sincerely hope it is not the view
> of the GNU Emacs project in general.

Please do NOT respond on emacs-devel, only to the bug tracker.
I've redirected the response.