GNU bug report logs - #63063
CVE-2021-36699 report


Package: emacs

Reported by: Eli Zaretskii <eliz <at> gnu.org>

Date: Tue, 25 Apr 2023 07:14:02 UTC

Severity: normal



Message #62 received at 63063 <at> debbugs.gnu.org (full text, mbox):

From: lux <lx <at> shellcodes.org>
To: Robert Pluim <rpluim <at> gmail.com>, Eli Zaretskii <eliz <at> gnu.org>
Cc: luangruo <at> yahoo.com, 63063 <at> debbugs.gnu.org, fuo <at> fuo.fi
Subject: Re: bug#63063: CVE-2021-36699 report
Date: Wed, 26 Apr 2023 00:37:33 +0800

On Tue, 2023-04-25 at 18:17 +0200, Robert Pluim wrote:
> > > > > > On Tue, 25 Apr 2023 19:01:47 +0300, Eli Zaretskii
> > > > > > <eliz <at> gnu.org> said:
> 
>     >> From: lux <lx <at> shellcodes.org>
>     >> Cc: 63063 <at> debbugs.gnu.org, fuo <at> fuo.fi
>     >> Date: Tue, 25 Apr 2023 23:54:33 +0800
>     >> 
>     >> I think if the reported CVEs are real and valid, they should be taken
>     >> seriously.
> 
>     Eli> I agree, but in this case all I see is a convoluted way of having
>     Eli> Emacs crash.  That's not a security problem in my book.
> 
> "Itʼs a denial of service attack. You MUST fix it. Whereʼs my fee?"
> 
> (sorry, I too deal with this kind of stuff far too often).
> 
> Robert

I have to face this problem every day.

Yes, I'm faced with many meaningless CVE numbers every day.

So I hope the submitter will give the details and the developer will
decide to ignore, fix urgently, or postpone the fix depending on the
level of harm.





This bug report was last modified 2 years and 56 days ago.
