GNU bug report logs - #72245
[PATCH] Fix integer overflow when reading XPM

Previous Next

Package: emacs;

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Mon, 22 Jul 2024 14:37:02 UTC

Severity: minor

Tags: patch

Fixed in version 31.1

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: luangruo <at> yahoo.com, 72245 <at> debbugs.gnu.org
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Tue, 23 Jul 2024 14:39:42 -0700

Eli Zaretskii <eliz <at> gnu.org> writes:

>> Cc: 72245 <at> debbugs.gnu.org
>> From: Stefan Kangas <stefankangas <at> gmail.com>
>> Date: Tue, 23 Jul 2024 07:51:29 -0700
>>
>> That said, since you are asking, we are indeed discussing security
>> sensitive code, that is executed without prompting, for example, when
>> users receive emails or browse the web.
>
> Only in some MUAs, yes?  For example, Rmail doesn't by default show
> the images (or any other attachments), it requires a user action to do
> so.

Yes, and it's presumably also dependent on user options.

I'd hope that most MUAs disable showing images by default (notmuch
does), but I didn't check.

This bug report was last modified 264 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #72245 [PATCH] Fix integer overflow when reading XPM

GNU bug report logs - #72245
[PATCH] Fix integer overflow when reading XPM