emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Request to backport fix for CVE-2022-45939 to Emacs 28

From: lux
Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date: Tue, 14 Feb 2023 13:07:44 +0800
User-agent: Evolution 3.46.3 (3.46.3-1.fc37) 
On Mon, 2023-02-13 at 22:47 +0200, Eli Zaretskii wrote:
> > Date: Mon, 13 Feb 2023 12:15:50 -0600
> > From: Troy Hinckley <comms@dabrev.com>
> > 
> > My company will not allow an install of Emacs 28 due to CVE-2022-
> > 45939. There is a patch for this in the
> > master branch, but it did not make it in time for Emacs 28.2. We
> > have many Emacs users who would like to
> > upgrade to 28. What would be the effort to back port this fix and
> > do an Emacs 28.3 release?
> 
> Unfortunately, we don't have the resources to produce another v28.x
> release.  Emacs 29.1 will start its pretest soon, and will have this
> issue resolved when it is released, hopefully in a couple of months.
> 
> Alternatively, you could ask the distro which you are using (if you
> are using a distro) to backport that patch to the Emacs 28 codebase.
> Or patch the sources yourself and build Emacs, if that is how you
> produce the binaries.
> 

Hi, I can fix the CVE-2022-45939, this is a patch.

Eli, can you merge into emacs-28 branch?

Attachment: 0001-lib-src-etags.c-Fix-CVE-2022-45939.patch
Description: Text Data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]