GNU bug report logs - #28350
CVE-2017-14482: enriched.el code execution

Previous Next

Package: emacs;

Reported by: charles <at> aurox.ch (Charles A. Roelli)

Date: Mon, 4 Sep 2017 19:26:01 UTC

Severity: important

Tags: security

Found in versions 25.1, 23.1, 21.4, 23.2, 21.2, 22.3, 24.3, 21.1, 21.3, 24.1, 24.5, 25.2, 24.2, 23.4, 22.1, 23.3, 24.4, 22.2

Fixed in version 25.3

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #83 received at 28350 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Glenn Morris <rgm <at> gnu.org>
Cc: "Charles A. Roelli" <charles <at> aurox.ch>, 28350 <at> debbugs.gnu.org
Subject: Re: bug#28350: enriched.el code execution
Date: Tue, 12 Sep 2017 12:59:13 -0700

On 09/11/2017 02:16 PM, Glenn Morris wrote:
> Too late. :(

Yes, that horse left the barn. To close the barn door, I changed 
emacs-25's etc/NEWS (and master's etc/NEWS.25) to say "21.1" rather than 
"19.29" for when the bug was introduced, so that we look just "extremely 
bad" rather than "staggeringly bad" in the latest source code.
This bug report was last modified 7 years and 245 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.