Re: Request to backport fix for CVE-2022-45939 to Emacs 28

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Request to backport fix for CVE-2022-45939 to Emacs 28

From:	Robert Pluim
Subject:	Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date:	Tue, 14 Feb 2023 09:13:40 +0100

>>>>> On Mon, 13 Feb 2023 22:47:07 +0200, Eli Zaretskii <eliz@gnu.org> said:

    >> Date: Mon, 13 Feb 2023 12:15:50 -0600
    >> From: Troy Hinckley <comms@dabrev.com>
    >> 
    >> My company will not allow an install of Emacs 28 due to CVE-2022-45939. 
There is a patch for this in the
    >> master branch, but it did not make it in time for Emacs 28.2. We have 
many Emacs users who would like to
    >> upgrade to 28. What would be the effort to back port this fix and do an 
Emacs 28.3 release?

    Eli> Unfortunately, we don't have the resources to produce another v28.x
    Eli> release.  Emacs 29.1 will start its pretest soon, and will have this
    Eli> issue resolved when it is released, hopefully in a couple of months.

    Eli> Alternatively, you could ask the distro which you are using (if you
    Eli> are using a distro) to backport that patch to the Emacs 28 codebase.
    Eli> Or patch the sources yourself and build Emacs, if that is how you
    Eli> produce the binaries.

Or for minimal effort: donʼt install the emacs-28 'etags'

Robert
--

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Request to backport fix for CVE-2022-45939 to Emacs 28, (continued)

Prev by Date: Re: [External] : Re: A feature to go to last edit locations
Next by Date: Re: Finalizing 'inhibit-automatic-native-compilation'
Previous by thread: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Next by thread: server.el test failures (was: Re: bug#9800: Incomplete truncated file buffers from the /proc filesystem)
Index(es):
- Date
- Thread