GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

Package: emacs;

Reported by: Demetri Obenour <demetriobenour <at> gmail.com>

Date: Fri, 18 Dec 2015 10:09:01 UTC

Severity: normal

Tags: security

Found in version 24.5

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


Message #82 received at 22202 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: 22202 <at> debbugs.gnu.org
Cc: Richard Copley <rcopley <at> gmail.com>, Eli Zaretskii <eliz <at> gnu.org>,
 Andreas Schwab <schwab <at> linux-m68k.org>, demetriobenour <at> gmail.com,
 deng <at> randomsample.de
Subject: Re: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to
 random number generator attack on Windows systems
Date: Sun, 17 Jan 2016 17:42:44 -0800

Andreas Schwab discovered a problem with my patch in that GnuTLS wasn't
initialized, and reverted the GnuTLS part of it. As I understand it, newer 
versions of GnuTLS initialize themselves when they are loaded and so do not run 
into the issue; I tested with GnuTLS 3.3.15, which I suppose is new enough. I 
attempted to fix this problem in the followup commit 
130d512045aa376333b664d58c501b3884187592.

Andreas's commit also changed some unrelated style issues, which I reverted; 
that is merely a long-running stylistic disagreement, and right now is not a good
time to be changing style in code unrelated to fixes.




This bug report was last modified 9 years and 179 days ago.
