Re: Request to backport fix for CVE-2022-45939 to Emacs 28
From: lux
Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date: Fri, 17 Feb 2023 10:35:43 +0800
User-agent: Evolution 3.46.3 (3.46.3-1.fc37)

On Thu, 2023-02-16 at 20:44 -0500, Lynn Winebarger wrote:
> On Tue, Feb 14, 2023 at 12:06 PM Troy Hinckley <comms@dabrev.com>
> wrote:
> >
> > If the commit was cherry picked to the emacs-28 branch, does that
> > mean it’s just unreleased changes for Emacs 28? We are building
> > from source, so that might be enough. I didn’t realize cutting a
> > release was high effort.
>
> FWIW, I suspect a lot of users get automated updates from their
> packager of choice, whether it's linux distro, Cygwin, MSYS2, or
> whatever. If you look at their source packages, they routinely apply
> these kinds of changes as updates to older releases. Even if you
> don't use that packager, you can still use their source package for
> Emacs to get a version with the relevant security patches.

Most Linux distributions rely on public CVE information for security
updates. I fixed 4 vulnerabilities[1], but to date, only one
vulnerability has been assigned a CVE number (CVE-2022-45939), so most
Linux distributions have not fixed the other three vulnerabilities.

Depending on the distro, security updates are only available for Linux,
BSD, etc., while Windows users cannot update automatically.

[1] patches:
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c