From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/87668 Path: news.gmane.org!.POSTED!not-for-mail From: soyeomul@doraji.xyz (Byung-Hee HWANG =?utf-8?B?KO2Zqeuzke2drCwg6buD?= =?utf-8?B?54Kz54aZKQ==?=) Newsgroups: gmane.emacs.gnus.general Subject: Re: Security: Gnus & GNU Emacs 25.2 enriched text remote code execution Date: Tue, 12 Sep 2017 20:31:07 +0900 Organization: =?utf-8?B?6YeR6Zm1ICjmt7XmupDsnZgg66eI7J2MKQ==?= Message-ID: References: <87ingomem8.fsf@miraculix.mork.no> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: blaine.gmane.org 1505334713 24175 195.159.176.226 (13 Sep 2017 20:31:53 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 13 Sep 2017 20:31:53 +0000 (UTC) User-Agent: Gnus/5.130015 (Ma Gnus v0.15) Emacs/23.3 (gnu/linux) To: ding@gnus.org Original-X-From: ding-owner+m35879@lists.math.uh.edu Tue Sep 12 13:33:14 2017 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from mxfilter-048035.atla03.us.yomura.com ([107.189.48.35]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1drjR3-00025j-KQ for ding-account@gmane.org; Tue, 12 Sep 2017 13:32:57 +0200 X-Yomura-MXScrub: 1.0 Original-Received: from lists1.math.uh.edu (unknown [129.7.128.208]) by mxfilter-048035.atla03.us.yomura.com (Halon) with ESMTPS id 15267bc3-97ae-11e7-9af4-b499baabecb2; Tue, 12 Sep 2017 11:32:39 +0000 (UTC) Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by lists1.math.uh.edu with smtp (Exim 4.87) (envelope-from ) id 1drjQF-0003TU-B8; Tue, 12 Sep 2017 06:32:07 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by lists1.math.uh.edu with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87) (envelope-from ) id 1drjQC-0003Sm-My for ding@lists.math.uh.edu; Tue, 12 Sep 2017 06:32:04 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtps (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.87) (envelope-from ) id 1drjQB-0008Us-56 for ding@lists.math.uh.edu; Tue, 12 Sep 2017 06:32:04 -0500 Original-Received: from [195.159.176.226] (helo=blaine.gmane.org) by quimby.gnus.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1drjQ9-0003fW-NN for ding@gnus.org; Tue, 12 Sep 2017 13:32:01 +0200 Original-Received: from list by blaine.gmane.org with local (Exim 4.84_2) (envelope-from ) id 1drjPj-00078r-04 for ding@gnus.org; Tue, 12 Sep 2017 13:31:35 +0200 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 42 Original-X-Complaints-To: usenet@blaine.gmane.org Face: iVBORw0KGgoAAAANSUhEUgAAACYAAAAmBAMAAABaE/SdAAAAAXNSR0IArs4c6QAAACRQTFRF AAAAISMhMjQxREZEWVtYbnBthYeEmpyZsLKvxsjF3uDd9Pbzh9xQKwAAAAF0Uk5TAEDm2GYAAAAB YktHRACIBR1IAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4AgVCRAKKOGdjgAAAhxJREFU KM810j1P20AcBvCT+gZ06yeoqnbq0gG1UViQKEKFBRFAAS9tCokhCxLNC/GCeGly8VK1JLbPC6IQ 23dbceL4ni/XS865zT/5/3KPTUg7GAxk56y8u3NYM3mZFx1C+nbRGK32+teFdx9fVWjqjghZqDz4 v01hyUHLOrXeGFGREHJzaR+IxAdsa/j+Kn94omx+jecQA1LY6AbeGpmcU2YgAVLYuO9dT4k8W4SQ UGzJpPJV29wiugLW2PCjxyOSnRUhbmpLMidk/GVmWzZwBFwA8YeZPUXqJ5YvTdxn7cjCPATUejSq /ptRy41UsWQC4ySzF8mI+sGZSMHkKLOX7aNOxWOUN9neKNBWHTUjzgVnXuRxeqJtQEM1IxWQlHJP m81c5mKMsUs9n07tuRRV9SzCLnhI9Xtkd6OK6YaTuE6yyUYL+nhIf81MJQpDJS2S89l9KQzg0FKp 3urw6rfkCQZQc1XOupuQy2TOZ8eYhJ/quor9l5C9JG00mj4ibfUddzNYO5hMDWWWHlA/z4UFRY/N SrYIZP9z/nhFWf2H+VrbGLxYL39Ho7TffshqVcJX1OkAQ/bzgsz6HQ95uF1l5T9vrwub2iJz6LZp o1NrmszZmt4N+37c6CIMqRM5bTr95li345rp9YOkVTqg4k5bGvOoud29K+c665GzPLENxC71Rf/b p2J+lfYmK2IJcZFzt9Pl/KrExuqH+Q/CVTDob/22AwAAAABJRU5ErkJggg== X-Thanks-XYZ: =?utf-8?B?6KqgwrfmlazCt+S/oQ==?= X-Thanks-HS: =?utf-8?B?XuyynO2VmOywveyDneydhCDri6Qg7IK066as7Iuc66Ck64qU?= =?utf-8?B?IOuniOydjF9eKSkvLw==?= X-Thanks-BS: =?utf-8?B?Xl7sppDqsbDsmrTluIPlvrflpKnkuIte67O0656M7LCs5Zyw?= =?utf-8?B?5LiK5aSp5ZyL5bu66KitX14pKS8v?= X-Thanks-Absolete-Coding-System: UTF-8 X-Operating-System: =?utf-8?B?4omqZGluZ+KJqw==?= -- The Gnus X-Gnus-Lucky-Characters: U+03BB =?utf-8?Q?=28=CE=BB=29?= X-Gnus-Location: Republic of Korea =?utf-8?B?KOuMgO2VnOuvvOq1rSwg5aSn6Z+T?= =?utf-8?B?5rCR5ZyLKQ==?= X-Gnus-Flower: Rhododendron indicum =?utf-8?B?KOyXsOyCsO2ZjQ==?= --- =?utf-8?Q?yw=E2=84=A2=29?= X-Chromebook-Gnus-Window-System-Distributor: `The X.Org Foundation', version 11.0.11501000 X-Chromebook-Gnus-Distro: Ubuntu 12.04.5 LTS (via Crouton) Cancel-Lock: sha1:IWLcQeKpHAJDI4lig3blIVnYZPk= List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:87668 In Article <87ingomem8.fsf@miraculix.mork.no>, Bjørn Mork writes: > soyeomul@doraji.xyz (Byung-Hee HWANG "(황병희, 黃炳熙)") writes: >> In Article , >> Reiner Steib writes: >> >>> Emacs 25.3 is an emergency release to fix a security vulnerability >>> that is exploitable remotely in Emacs-based mail clients (such as >>> Gnus). >>> >>> Please update to Emacs 25.3 as soon as possible: >>> http://lists.gnu.org/archive/html/info-gnu-emacs/2017-09/msg00000.html >>> >>> To work around the bug in Emacs versions before 25.3, put the >>> following code in your personal or site-wide Emacs init file >>> (~/.emacs, ~/emacs.d/init.el, site-start.el): >>> >>> (eval-after-load "enriched" >>> '(defun enriched-decode-display-prop (start end &optional param) >>> (list start end))) >>> >>> See also . >> >> By the way, my emacs version is 23.3. Gnus version Ma Gnus 0.15. Hey i am >> dangerous? Please ... > > Quoting from the announcement referred to above: > > "This vulnerability was introduced in Emacs 19.29." > > So, yes, your emacs version is vulnerable. So i just put the code in ~/.emacs of mine [1]. And my emacs version is 23.3. Still i am dangerous? Sincerely, Byung-Hee. [1] https://raw.githubusercontent.com/soyeomul/Gnus/MaGnus/dot.emacs.el -- ^고맙습니다 _布德天下_ 감사합니다_^))//