Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac

From:	Eli Zaretskii
Subject:	Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Date:	Wed, 08 Mar 2023 16:13:04 +0200

> From: Po Lu <luangruo@yahoo.com>
> Cc: emacs-devel@gnu.org
> Date: Wed, 08 Mar 2023 18:58:47 +0800
> 
> Ulrich Mueller <ulm@gentoo.org> writes:
> 
> > Sorry, but I've installed this on emacs-29 with an explicit ack from
> > both Eli and Stefan.
> 
> Why was this considered okay for emacs-29?

Because I didn't imagine that Bash could be missing on a GNU/Linux
system.

> IMHO we should stop kow-towing to the information security people who
> make a huge fuss over every single bug, especially bugs like this one
> which only show up when you specifically try to trigger them.

Good luck with that!

This is a losing battle, so I suggest you save your time and energy
for more productive discussions.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, (continued)

Prev by Date: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Next by Date: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Previous by thread: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Next by thread: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Index(es):
- Date
- Thread