GNU bug report logs - #28350
CVE-2017-14482: enriched.el code execution

Previous Next

Package: emacs;

Reported by: charles <at> aurox.ch (Charles A. Roelli)

Date: Mon, 4 Sep 2017 19:26:01 UTC

Severity: important

Tags: security

Found in versions 25.1, 23.1, 21.4, 23.2, 21.2, 22.3, 24.3, 21.1, 21.3, 24.1, 24.5, 25.2, 24.2, 23.4, 22.1, 23.3, 24.4, 22.2

Fixed in version 25.3

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: charles <at> aurox.ch (Charles A. Roelli)
Cc: 28350 <at> debbugs.gnu.org
Subject: bug#28350: enriched.el code execution
Date: Sun, 10 Sep 2017 20:01:20 +0300

> Date: Sat, 09 Sep 2017 22:37:29 +0200
> From: charles <at> aurox.ch (Charles A. Roelli)
> CC: 28350 <at> debbugs.gnu.org
> 
> Thank you.  I've kept the current approach.  Please see again the
> attached patch.

Some minor nits below.

> Also, should the left-fringe/right-fringe display specifications be
> considered safe?  They seem innocuous.

Yes, I think so.  And your patch already does allow them, doesn't it?

> +(defcustom enriched-allow-unsafe-display-props nil
> +  "Variable determining whether to decode arbitrary display properties.

"If non-nil allow to evaluate arbitrary forms in display properties."

> +  :risky t
> +  :type 'boolean
> +  :group 'enriched)

Please add :version here.  Please also add a short NEWS entry.

It would be good to have tests for this, but doing that is much less
urgent than fixing the vulnerability, so please feel free to do so as
a separate commit (unless you already have the tests ready).

Otherwise, looks good to me.  Thanks.
This bug report was last modified 7 years and 245 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.