GNU bug report logs - #28350
CVE-2017-14482: enriched.el code execution

Previous Next

Package: emacs;

Reported by: charles <at> aurox.ch (Charles A. Roelli)

Date: Mon, 4 Sep 2017 19:26:01 UTC

Severity: important

Tags: security

Found in versions 25.1, 23.1, 21.4, 23.2, 21.2, 22.3, 24.3, 21.1, 21.3, 24.1, 24.5, 25.2, 24.2, 23.4, 22.1, 23.3, 24.4, 22.2

Fixed in version 25.3

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 28350 <at> debbugs.gnu.org (full text, mbox):

From: charles <at> aurox.ch (Charles A. Roelli)
To: 28350 <at> debbugs.gnu.org
Subject: Re: bug#28350: enriched.el code execution
Date: Wed, 06 Sep 2017 21:25:18 +0200

If anyone wants a fix to apply locally, the following s-expression
prevents the display parameter from being used by Enriched mode
(tested in Emacs 23+):

(eval-after-load "enriched"
  '(defun enriched-decode-display-prop (start end &optional param)
     (list start end)))

As for a fix to apply to master: I'd like to keep "x-display" if we
can agree on some "safe" predicate that the given parameter would have
to satisfy.  Looking at the list of display specifications that are
available, it seems that simple string, margin text, space-width,
height (only in the (+ n), (- n) and n cases) and raise specifications
should be okay.  Does anybody else have an opinion about this?
This bug report was last modified 7 years and 245 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.