[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Request to backport fix for CVE-2022-45939 to Emacs 28
From: |
Eli Zaretskii |
Subject: |
Re: Request to backport fix for CVE-2022-45939 to Emacs 28 |
Date: |
Wed, 15 Feb 2023 14:28:01 +0200 |
> From: Tim Cross <theophilusx@gmail.com>
> Cc: lux <lx@shellcodes.org>, comms@dabrev.com, emacs-devel@gnu.org
> Date: Wed, 15 Feb 2023 07:10:58 +1100
>
>
> Eli Zaretskii <eliz@gnu.org> writes:
>
> > But that is not what the OP requested: he requested that we also
> > produce an Emacs 28.3 release. And that is a much larger job, for
> > which we currently don't have the time or resources.
>
> While I understand the resourcing issues, I think this is the wrong
> decision. We are in the situation where the current released version of
> Emacs has a known security exploit with a severity classification of
> high (although this assessment seems to be under review) and the
> response seems to be "Sorry, we are too busy trying to get the next
> version released to deal with this". If we were actually close to an
> Emacs 29 release, then perhaps this would be reasonable, but we don't
> even have a release candidate out yet.
>
> Failing to address a high security vulnerability for months is a
> disservice for the emacs user base and likely to be a blight on Emacs'
> reputation and only provides those against free software with free
> ammunition. In addition to the technical aspects of a security
> vulnerability, perception is just as important. While the specific
> technical aspects of this vulnerability would seem to indicate only a
> subset of etags users are actually exposed to this risk, such detail is
> likely to be lost amongst the FUD which tends to accompany security
> issues.
Would you like to work on preparing an Emacs 28.3 tarball? The
instructions are in admin/make-tarball.txt and a couple of additional
files to which it points.
TIA
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, (continued)
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Eli Zaretskii, 2023/02/13
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, lux, 2023/02/14
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Eli Zaretskii, 2023/02/14
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Troy Hinckley, 2023/02/14
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Eli Zaretskii, 2023/02/14
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Lynn Winebarger, 2023/02/16
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, lux, 2023/02/16
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Tim Cross, 2023/02/14
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Robert Pluim, 2023/02/15
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Richard Stallman, 2023/02/17
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28,
Eli Zaretskii <=
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Richard Stallman, 2023/02/16
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Eli Zaretskii, 2023/02/16
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Jim Porter, 2023/02/16
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Eli Zaretskii, 2023/02/16
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Stefan Kangas, 2023/02/17
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Robert Pluim, 2023/02/17
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Eli Zaretskii, 2023/02/17
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, Stefan Kangas, 2023/02/17
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, lux, 2023/02/17
- Re: Request to backport fix for CVE-2022-45939 to Emacs 28, lux, 2023/02/18