Re: CVE-2017-14482 - Red Hat Customer Portal
From: Eli Zaretskii
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sat, 23 Sep 2017 16:12:46 +0300

> From: Óscar Fuentes <ofv@wanadoo.es>
> Date: Sat, 23 Sep 2017 14:53:36 +0200
>
> charles@aurox.ch (Charles A. Roelli) writes:
>
> > The code that caused CVE-2017-14482 (aka Bug#28350) was 100% correct.
> > It was also far too powerful, so its behavior had to be properly
> > limited.
>
> The two sentences above are contradictory.

Not really. But they don't tell the whole story: the vulnerability
was actually caused by Gnus, MH-E, and perhaps other MUAs who decided
to automatically support enriched text, without checking the code
first. Otherwise, enriched.el per se has/had no problem whatsoever.