Re: [ANNOUNCE] Emacs 25.3 released

From: Phillip Lord
Subject: Re: [ANNOUNCE] Emacs 25.3 released
Date: Tue, 12 Sep 2017 17:46:39 -0000
User-agent: SquirrelMail/1.5.2 [SVN]

On Tue, September 12, 2017 4:06 pm, Roland Winkler wrote:
> On Mon, Sep 11 2017, Nicolas Petton wrote:
>> This vulnerability was introduced in Emacs 19.29.  To work around that
>> in Emacs versions before 25.3, append the following to your ~/.emacs init
>> file:
>>   (eval-after-load "enriched"
>>     '(defun enriched-decode-display-prop (start end &optional param)
>>        (list start end)))
> Many users may have the problem that they cannot upgrade immediately to
> 25.3.  Is it fair to say that putting the above lines of code in
> ~/.emacs fully protects the user from the vulnerability?  If yes, we may
> want to advertise these lines of code more broadly.  Or do the above lines
> of code provide only an incomplete fix?  Then, what can users do instead
> when they still have to use older versions of emacs?

Why do we not put a "vulnerability" package onto ELPA, then install this
by default? This way, new emacs releases would provide an automatic
mechanism for fixing vulnerabilities. And, for old emacs, the advice would
be "M-x package-install vulnerability".
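
The package suggested above could take roughly the following shape. This is an added sketch, not part of the original message and not code from Emacs or ELPA: the file name vulnerability.el, the variable vulnerability-mitigations and the function vulnerability-apply are hypothetical, and the only mitigation listed is the workaround quoted in this thread.

```emacs-lisp
;;; vulnerability.el --- hypothetical sketch of a mitigation package

;; Each entry is (FIXED-IN FILE FORM):
;;   FIXED-IN  first Emacs version that ships the real fix
;;   FILE      library the mitigation has to wait for
;;   FORM      code to evaluate once FILE has been loaded
;; The single entry is the workaround from the 25.3 announcement.
(defvar vulnerability-mitigations
  '(("25.3" "enriched"
     (defun enriched-decode-display-prop (start end &optional param)
       (list start end))))
  "Mitigations known to this (hypothetical) package.")

(defun vulnerability-apply ()
  "Register every mitigation the running Emacs still needs.
Return the list of library names for which a mitigation was registered."
  (let (applied)
    (dolist (entry vulnerability-mitigations (nreverse applied))
      (let ((fixed-in (nth 0 entry))
            (file     (nth 1 entry))
            (form     (nth 2 entry)))
        ;; An Emacs at or above FIXED-IN already carries the fix, so the
        ;; function it ships must not be overwritten there.
        (when (version< emacs-version fixed-in)
          ;; `eval-after-load' runs FORM right away if FILE is already
          ;; loaded, and otherwise as soon as it is loaded later.
          (eval-after-load file form)
          (push file applied))))))

;; Apply the mitigations as soon as this file is loaded.
(vulnerability-apply)

(provide 'vulnerability)
;;; vulnerability.el ends here
```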

