[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Emacs 28.3 Release
From: |
lux |
Subject: |
Re: Emacs 28.3 Release |
Date: |
Mon, 10 Apr 2023 22:33:08 +0800 |
User-agent: |
Evolution 3.46.4 (3.46.4-1.fc37) |
On Mon, 2023-04-10 at 16:20 +0300, Eli Zaretskii wrote:
> > Date: Mon, 10 Apr 2023 08:05:04 -0500
> > From: Troy Hinckley <comms@dabrev.com>
> >
> > I am asking again what we can do to complete the Emacs 28.3
> > release. My concern is that we have a
> > narrow window in which this version will be viable. As it currently
> > stands the latest stable release has a
> > high severity CVE that prevents Emacs from being installed in
> > security sensitive domains. 28.3 will
> > resolve that and make the latest stable release usable. However,
> > someone will inevitably find another
> > CVE against Emacs. At that point 28.3 will no longer be useful.
> > Given how hard it has been to get this
> > release, I doubt there would be resources to add another security
> > patch to Emacs 28.
> >
> > I am requesting to see if there is anything the community can do to
> > help complete this release before
> > it becomes irrelevant. The release candidate has been out for
> > couple months at this point.
>
> Stefan was working on 28.3, prepared an RC, and is silent for the
> last
> 4 weeks or so. I think any work on this should pick up where he left
> off, but for that we need him to tell us where he left off...
>
There are new security patches, CVE-2023-28617, CVE-2023-27985 and CVE-
2023-27986. If Emacs 28.3 is to be released, I suggest it should be
applied.
But, where is Stefan?
0001-Fix-CVE-2023-28617.patch
Description: Text Data
0001-Fix-CVE-2023-27985-and-CVE-2023-27986.patch
Description: Text Data