[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ANNOUNCE] Emacs 25.3 released
From: |
Phillip Lord |
Subject: |
Re: [ANNOUNCE] Emacs 25.3 released |
Date: |
Tue, 12 Sep 2017 17:46:39 -0000 |
User-agent: |
SquirrelMail/1.5.2 [SVN] |
On Tue, September 12, 2017 4:06 pm, Roland Winkler wrote:
> On Mon, Sep 11 2017, Nicolas Petton wrote:
>
>> This vulnerability was introduced in Emacs 19.29. To work around that
>> in Emacs versions before 25.3, append the following to your ~/.emacs init
>> file:
>>
>>
>> (eval-after-load "enriched"
>> '(defun enriched-decode-display-prop (start end &optional param)
>> (list start end)))
>>
>
> Many users may have the problem that they cannot upgrade immediately to
> 25.3. Is it fair to say that putting the above lines of code in
> ~/.emacs fully protects the user from the vulnerability? If yes, we may
> want to advertise these lines of code more broadly. Or do the above lines
> of code provide only an incomplete fix? Then, what can users do instead
> when they still have to use older versions of emacs?
What do we not put a "vulnerability" package onto ELPA, then install this
by default. This way, new emacs releases would provide an automatic
mechanism for fixing vulnerabilities. And, for old emacs, the advice would
be "M-x package-install vulnerability".
- Re: [ANNOUNCE] Emacs 25.3 released, (continued)
- Re: [ANNOUNCE] Emacs 25.3 released, Eli Zaretskii, 2017/09/12
- Re: [ANNOUNCE] Emacs 25.3 released, Nicolas Petton, 2017/09/12
- Re: [ANNOUNCE] Emacs 25.3 released, Richard Stallman, 2017/09/13
- Re: [ANNOUNCE] Emacs 25.3 released, Ulrich Mueller, 2017/09/13
- Re: [ANNOUNCE] Emacs 25.3 released, Richard Stallman, 2017/09/13
- Re: [ANNOUNCE] Emacs 25.3 released, Ulrich Mueller, 2017/09/14
- Re: Emacs 25.3 released, Etienne Prud’homme, 2017/09/14
- Re: Emacs 25.3 released, Nicolas Petton, 2017/09/14
- Re: [ANNOUNCE] Emacs 25.3 released, Richard Stallman, 2017/09/14
Re: [ANNOUNCE] Emacs 25.3 released, Eli Zaretskii, 2017/09/12
Re: [ANNOUNCE] Emacs 25.3 released,
Phillip Lord <=
- Re: [ANNOUNCE] Emacs 25.3 released, Stefan Monnier, 2017/09/12
- security-patches package (was: [ANNOUNCE] Emacs 25.3 released), Ted Zlatanov, 2017/09/14
- Re: security-patches package, Stefan Monnier, 2017/09/15
- Re: security-patches package, Ted Zlatanov, 2017/09/16
- Re: security-patches package, Phillip Lord, 2017/09/21
- Re: security-patches package, Stefan Monnier, 2017/09/21
- Message not available
- Re: security-patches package, Phillip Lord, 2017/09/25
Re: security-patches package, Ted Zlatanov, 2017/09/22
Re: security-patches package, Stephen Leake, 2017/09/23
Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released, Clément Pit-Claudel, 2017/09/12