GNU bug report logs -
#28350
CVE-2017-14482: enriched.el code execution
Previous Next
Reported by: charles <at> aurox.ch (Charles A. Roelli)
Date: Mon, 4 Sep 2017 19:26:01 UTC
Severity: important
Tags: security
Found in versions 25.1, 23.1, 21.4, 23.2, 21.2, 22.3, 24.3, 21.1, 21.3, 24.1, 24.5, 25.2, 24.2, 23.4, 22.1, 23.3, 24.4, 22.2
Fixed in version 25.3
Done: Eli Zaretskii <eliz <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On 09/11/2017 08:33 AM, Glenn Morris wrote:
> I submitted this tohttps://github.com/distributedweaknessfiling/ .
> I see you sent it tohttp://seclists.org/oss-sec/2017/q3/422 .
Yes, I sent it to the oss-security mailing list, and it is archived here:
http://www.openwall.com/lists/oss-security/2017/09/11/1
> Are you sure this issue affects Emacs 19.29, as stated there?
> The x-display code is "only" present since 21.1, AFAICS.
Thanks for checking. When I wrote that, I looked for any of the text
involved in Lars's patch. If a smaller patch will do, that might explain
why you're seeing 21.1 rather than 19.29. We can mention 21.1 instead of
19.29 in the 25.3 release, and I'll update etc/NEWS accordingly in
emacs-25 and master once that comes out.
These days almost nobody is running Emacs older than 21.1, so the exact
version number shouldn't matter to anybody other than software
archaeologists.
This bug report was last modified 7 years and 245 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.