GNU bug report logs - #24489
efaq: security risks

Previous Next

Package: emacs;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Tue, 20 Sep 2016 22:49:02 UTC

Severity: minor

Tags: security

Found in version 25.1

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #15 received at 24489 <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: Ted Zlatanov <tzz <at> lifelogs.com>
Cc: rgm <at> gnu.org, larsi <at> gnus.org, 24489 <at> debbugs.gnu.org
Subject: Re: bug#24489: efaq: security risks
Date: Fri, 23 Sep 2016 16:38:56 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Images and other resources can carry constructed data and be used as an
  > execution backdoor through browser or library bugs. The following don't
  > necessarily apply to Emacs, they are just examples of the variety and
  > severity of these attacks, which have risen in popularity as direct code
  > injection has become harder:

It is no use telling people, "Be afraid of browsing."
If we can't give any advice more specific than that, it would
be a useless annoyance.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.
This bug report was last modified 3 years and 191 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.