* Security: Gnus & GNU Emacs 25.2 enriched text remote code execution
@ 2017-09-11 21:57 Reiner Steib
2017-09-12 4:14 ` Byung-Hee HWANG (황병희, 黃炳熙)
0 siblings, 1 reply; 5+ messages in thread
From: Reiner Steib @ 2017-09-11 21:57 UTC (permalink / raw)
To: info-gnus-english, ding
Emacs 25.3 is an emergency release to fix a security vulnerability
that is exploitable remotely in Emacs-based mail clients (such as
Gnus).
Please update to Emacs 25.3 as soon as possible:
http://lists.gnu.org/archive/html/info-gnu-emacs/2017-09/msg00000.html
To work around the bug in Emacs versions before 25.3, put the
following code in your personal or site-wide Emacs init file
(~/.emacs, ~/emacs.d/init.el, site-start.el):
(eval-after-load "enriched"
'(defun enriched-decode-display-prop (start end &optional param)
(list start end)))
See also <http://www.openwall.com/lists/oss-security/2017/09/11/1>.
Bye, Reiner.
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Security: Gnus & GNU Emacs 25.2 enriched text remote code execution
2017-09-11 21:57 Security: Gnus & GNU Emacs 25.2 enriched text remote code execution Reiner Steib
@ 2017-09-12 4:14 ` Byung-Hee HWANG (황병희, 黃炳熙)
2017-09-12 9:48 ` Bjørn Mork
0 siblings, 1 reply; 5+ messages in thread
From: Byung-Hee HWANG (황병희, 黃炳熙) @ 2017-09-12 4:14 UTC (permalink / raw)
To: ding
In Article <yzsvakodhkv.fsf@marauder.physik.uni-ulm.de>,
Reiner Steib <reinersteib@gmail.com> writes:
> Emacs 25.3 is an emergency release to fix a security vulnerability
> that is exploitable remotely in Emacs-based mail clients (such as
> Gnus).
>
> Please update to Emacs 25.3 as soon as possible:
> http://lists.gnu.org/archive/html/info-gnu-emacs/2017-09/msg00000.html
>
> To work around the bug in Emacs versions before 25.3, put the
> following code in your personal or site-wide Emacs init file
> (~/.emacs, ~/emacs.d/init.el, site-start.el):
>
> (eval-after-load "enriched"
> '(defun enriched-decode-display-prop (start end &optional param)
> (list start end)))
>
> See also <http://www.openwall.com/lists/oss-security/2017/09/11/1>.
By the way, my emacs version is 23.3. Gnus version Ma Gnus 0.15. Hey i am
dangerous? Please ...
Sincerely, Byung-Hee.
--
^고맙습니다 _白衣從軍_ 감사합니다_^))//
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Security: Gnus & GNU Emacs 25.2 enriched text remote code execution
2017-09-12 4:14 ` Byung-Hee HWANG (황병희, 黃炳熙)
@ 2017-09-12 9:48 ` Bjørn Mork
2017-09-12 11:31 ` Byung-Hee HWANG (황병희, 黃炳熙)
0 siblings, 1 reply; 5+ messages in thread
From: Bjørn Mork @ 2017-09-12 9:48 UTC (permalink / raw)
To: Byung-Hee HWANG "(황병희,
黃炳熙)"
Cc: ding
soyeomul@doraji.xyz (Byung-Hee HWANG "(황병희, 黃炳熙)") writes:
> In Article <yzsvakodhkv.fsf@marauder.physik.uni-ulm.de>,
> Reiner Steib <reinersteib@gmail.com> writes:
>
>> Emacs 25.3 is an emergency release to fix a security vulnerability
>> that is exploitable remotely in Emacs-based mail clients (such as
>> Gnus).
>>
>> Please update to Emacs 25.3 as soon as possible:
>> http://lists.gnu.org/archive/html/info-gnu-emacs/2017-09/msg00000.html
>>
>> To work around the bug in Emacs versions before 25.3, put the
>> following code in your personal or site-wide Emacs init file
>> (~/.emacs, ~/emacs.d/init.el, site-start.el):
>>
>> (eval-after-load "enriched"
>> '(defun enriched-decode-display-prop (start end &optional param)
>> (list start end)))
>>
>> See also <http://www.openwall.com/lists/oss-security/2017/09/11/1>.
>
> By the way, my emacs version is 23.3. Gnus version Ma Gnus 0.15. Hey i am
> dangerous? Please ...
Quoting from the announcement referred to above:
"This vulnerability was introduced in Emacs 19.29."
So, yes, your emacs version is vulnerable.
Bjørn
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Security: Gnus & GNU Emacs 25.2 enriched text remote code execution
2017-09-12 9:48 ` Bjørn Mork
@ 2017-09-12 11:31 ` Byung-Hee HWANG (황병희, 黃炳熙)
2017-09-14 14:44 ` Ted Zlatanov
0 siblings, 1 reply; 5+ messages in thread
From: Byung-Hee HWANG (황병희, 黃炳熙) @ 2017-09-12 11:31 UTC (permalink / raw)
To: ding
In Article <87ingomem8.fsf@miraculix.mork.no>,
Bjørn Mork <bjorn@mork.no> writes:
> soyeomul@doraji.xyz (Byung-Hee HWANG "(황병희, 黃炳熙)") writes:
>> In Article <yzsvakodhkv.fsf@marauder.physik.uni-ulm.de>,
>> Reiner Steib <reinersteib@gmail.com> writes:
>>
>>> Emacs 25.3 is an emergency release to fix a security vulnerability
>>> that is exploitable remotely in Emacs-based mail clients (such as
>>> Gnus).
>>>
>>> Please update to Emacs 25.3 as soon as possible:
>>> http://lists.gnu.org/archive/html/info-gnu-emacs/2017-09/msg00000.html
>>>
>>> To work around the bug in Emacs versions before 25.3, put the
>>> following code in your personal or site-wide Emacs init file
>>> (~/.emacs, ~/emacs.d/init.el, site-start.el):
>>>
>>> (eval-after-load "enriched"
>>> '(defun enriched-decode-display-prop (start end &optional param)
>>> (list start end)))
>>>
>>> See also <http://www.openwall.com/lists/oss-security/2017/09/11/1>.
>>
>> By the way, my emacs version is 23.3. Gnus version Ma Gnus 0.15. Hey i am
>> dangerous? Please ...
>
> Quoting from the announcement referred to above:
>
> "This vulnerability was introduced in Emacs 19.29."
>
> So, yes, your emacs version is vulnerable.
So i just put the code in ~/.emacs of mine [1]. And my emacs version is
23.3. Still i am dangerous?
Sincerely, Byung-Hee.
[1] https://raw.githubusercontent.com/soyeomul/Gnus/MaGnus/dot.emacs.el
--
^고맙습니다 _布德天下_ 감사합니다_^))//
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-09-14 14:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-11 21:57 Security: Gnus & GNU Emacs 25.2 enriched text remote code execution Reiner Steib
2017-09-12 4:14 ` Byung-Hee HWANG (황병희, 黃炳熙)
2017-09-12 9:48 ` Bjørn Mork
2017-09-12 11:31 ` Byung-Hee HWANG (황병희, 黃炳熙)
2017-09-14 14:44 ` Ted Zlatanov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).