[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Request to backport fix for CVE-2022-45939 to Emacs 28

From: Robert Pluim
Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date: Tue, 14 Feb 2023 09:13:40 +0100

>>>>> On Mon, 13 Feb 2023 22:47:07 +0200, Eli Zaretskii <eliz@gnu.org> said:

    >> Date: Mon, 13 Feb 2023 12:15:50 -0600
    >> From: Troy Hinckley <comms@dabrev.com>
    >> My company will not allow an install of Emacs 28 due to CVE-2022-45939. 
There is a patch for this in the
    >> master branch, but it did not make it in time for Emacs 28.2. We have 
many Emacs users who would like to
    >> upgrade to 28. What would be the effort to back port this fix and do an 
Emacs 28.3 release?

    Eli> Unfortunately, we don't have the resources to produce another v28.x
    Eli> release.  Emacs 29.1 will start its pretest soon, and will have this
    Eli> issue resolved when it is released, hopefully in a couple of months.

    Eli> Alternatively, you could ask the distro which you are using (if you
    Eli> are using a distro) to backport that patch to the Emacs 28 codebase.
    Eli> Or patch the sources yourself and build Emacs, if that is how you
    Eli> produce the binaries.

Or for minimal effort: donʼt install the emacs-28 'etags'


reply via email to

[Prev in Thread] Current Thread [Next in Thread]