bug#63063: CVE-2021-36699 report

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#63063: CVE-2021-36699 report

From:	lux
Subject:	bug#63063: CVE-2021-36699 report
Date:	Wed, 26 Apr 2023 00:37:33 +0800
User-agent:	Evolution 3.48.0 (3.48.0-1.fc38)

On Tue, 2023-04-25 at 18:17 +0200, Robert Pluim wrote:
> > > > > > On Tue, 25 Apr 2023 19:01:47 +0300, Eli Zaretskii
> > > > > > <eliz@gnu.org> said:
> 
>     >> From: lux <lx@shellcodes.org>
>     >> Cc: 63063@debbugs.gnu.org, fuo@fuo.fi
>     >> Date: Tue, 25 Apr 2023 23:54:33 +0800
>     >> 
>     >> I think if the reported CVEs are real and valid, they should
> be taken
>     >> seriously.
> 
>     Eli> I agree, but in this case all I see is a convoluted way of
> having
>     Eli> Emacs crash.  That's not a security problem in my book.
> 
> "Itʼs a denial of service attack. You MUST fix it. Whereʼs my fee?"
> 
> (sorry, I too deal with this kind of stuff far too often).
> 
> Robert

I have to face this problem every day.

Yes, I'm faced with many meaningless CVE numbers every day.

So I hope the submitter will give the details and the developer will
decide to ignore, fix urgently, or postpone the fix depending on the
level of harm.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#63063: CVE-2021-36699 report, (continued)
- bug#63063: CVE-2021-36699 report, fuomag9, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25

Prev by Date: bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable.
Next by Date: bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable.
Previous by thread: bug#63063: CVE-2021-36699 report
Next by thread: bug#63063: CVE-2021-36699 report
Index(es):
- Date
- Thread