[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help testing emacs-28.3-rc1.tar.gz on MS-Windows
|
From: |
lux |
|
Subject: |
Re: Help testing emacs-28.3-rc1.tar.gz on MS-Windows |
|
Date: |
Mon, 20 Feb 2023 00:04:09 +0800 |
|
User-agent: |
Evolution 3.46.4 (3.46.4-1.fc37) |
On Sun, 2023-02-19 at 04:34 -0800, Stefan Kangas wrote:
> lux <lx@shellcodes.org> writes:
>
> > Stefan, this is a new vulnerability found in orgmode, which also
> > exists
> > in the built-in orgmode of Emacs 28. Does it need to be fixed
> > together
> > in 28.3?
> >
> > https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A@qq.com/T/#t
>
> Thanks for continuing to work on improving Emacs' security.
>
> I don't want to delay Emacs 28.3 any more, and I'm ready to release
> it
> now. Perhaps it's fine to wait with this fix until Emacs 29.1,
> especially seeing that Org Mode can release a new fixed version
> through
> GNU ELPA immediately, and distributions can pick it up from there.
> Furthermore, the Emacs 29 pretest will start any day now.
>
> But I'd like to hear what others think. Is it important to include
> this
> fix in Emacs 28.3?
>
I reviewed the code of Org Mode, found some new security problems, if
fix these code, may affect the release 23.8, so recommended Org Mode
team to release a new version after.