Re: enriched.el code execution

From: Reiner Steib
Subject: Re: enriched.el code execution
Date: Thu, 07 Sep 2017 22:47:08 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On Wed, Sep 06 2017, Paul Eggert wrote:

> This particular bug involved remote code execution by visiting an
> email attachment. Any security hole this serious should be
> blocking. It doesn't matter that the bug has been around for a while,
> as the bug is known now and is likely to be exploited by anyone who
> cares to attack Emacs users. I'm surprised that there was controversy
> about this case, as the bug really should be fixed as soon as we
> reasonably can, or in any event before the next release.

If I understand correctly, this issue is serious enough (CVSS is 8.8,
Common Vulnerability Scoring System, v3.0) that we should prepare a
security fix release (from Emacs 25.2) as soon as we have a fix for
this bug (or we should disable this feature of enriched mode).

Bye, Reiner.
