GNU bug report logs - #52707
Log4j Shell Vulnerability

Previous Next

Package: emacs;

Reported by: "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>

Date: Tue, 21 Dec 2021 16:09:02 UTC

Severity: normal

Tags: notabug

Done: Dmitry Gutov <dgutov <at> yandex.ru>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 52707 in the body.
You can then email your comments to 52707 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#52707; Package emacs. (Tue, 21 Dec 2021 16:09:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Tue, 21 Dec 2021 16:09:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>
To: "bug-gnu-emacs <at> gnu.org" <bug-gnu-emacs <at> gnu.org>
Subject: Log4j Shell Vulnerability
Date: Tue, 21 Dec 2021 15:21:42 +0000

[Message part 1 (text/plain, inline)]
I'm sure you are well aware of the vulnerability with Log4j.  We are needing to determine if the application Emacs is vulnerable.  If so, do you plan on creating a patch or have a plan to patch?

Sam Terry
Research/Willow/Beacon/Therapy Plans - IT Manager
Sanford Health Technology Solutions
Route: 5012| O: 605.328.7310

[cid:image001.png <at> 01D7F64C.2A05F5A0]

-----------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
privileged and confidential information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy
all copies of the original message.

[Message part 2 (text/html, inline)]
[image001.png (image/png, inline)]
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#52707; Package emacs. (Tue, 21 Dec 2021 16:48:01 GMT) Full text and rfc822 format available.

Message #8 received at 52707 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>
Cc: 52707 <at> debbugs.gnu.org
Subject: Re: bug#52707: Log4j Shell Vulnerability
Date: Tue, 21 Dec 2021 18:47:07 +0200

> From: "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>
> Date: Tue, 21 Dec 2021 15:21:42 +0000
> 
> I’m sure you are well aware of the vulnerability with Log4j.  We are needing to determine if the application
> Emacs is vulnerable.  If so, do you plan on creating a patch or have a plan to patch?

What does Log4j have to do with Emacs?
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#52707; Package emacs. (Tue, 21 Dec 2021 17:03:02 GMT) Full text and rfc822 format available.

Message #11 received at 52707 <at> debbugs.gnu.org (full text, mbox):

From: Daniel Martín <mardani29 <at> yahoo.es>
To: "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>
Cc: 52707 <at> debbugs.gnu.org
Subject: Re: bug#52707: Log4j Shell Vulnerability
Date: Tue, 21 Dec 2021 18:02:18 +0100

"Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org> writes:

> I'm sure you are well aware of the vulnerability with Log4j.  We are
> needing to determine if the application Emacs is vulnerable.  If so,
> do you plan on creating a patch or have a plan to patch?

I've grepped for "log4j" in the Emacs repository and it didn't return
any results, so I'd say Emacs is not vulnerable.
Added tag(s) notabug. Request was from Stefan Kangas <stefan <at> marxist.se> to control <at> debbugs.gnu.org. (Tue, 21 Dec 2021 17:49:02 GMT) Full text and rfc822 format available.
Reply sent to Dmitry Gutov <dgutov <at> yandex.ru>:
You have taken responsibility. (Tue, 21 Dec 2021 17:52:02 GMT) Full text and rfc822 format available.
Notification sent to "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>:
bug acknowledged by developer. (Tue, 21 Dec 2021 17:52:02 GMT) Full text and rfc822 format available.

Message #18 received at 52707-done <at> debbugs.gnu.org (full text, mbox):

From: Dmitry Gutov <dgutov <at> yandex.ru>
To: "Terry,Samantha" <Samantha.Terry <at> SanfordHealth.org>,
 52707-done <at> debbugs.gnu.org
Subject: Re: bug#52707: Log4j Shell Vulnerability
Date: Tue, 21 Dec 2021 20:49:43 +0300

On 21.12.2021 18:21, Terry,Samantha wrote:
> I’m sure you are well aware of the vulnerability with Log4j.  We are 
> needing to determine if the application Emacs is vulnerable.

It does not. Emacs doesn't use Java in its implementation, nor JVM itself.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 19 Jan 2022 12:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 3 years and 202 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.