From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/18708
Path: news.gmane.org!.POSTED!not-for-mail
From: Reiner Steib <reinersteib@gmail.com>
Newsgroups: gmane.emacs.gnus.general,gmane.emacs.gnus.user
Subject: Security: Gnus & GNU Emacs 25.2 enriched text remote code execution
Date: Mon, 11 Sep 2017 23:57:20 +0200
Message-ID: <yzsvakodhkv.fsf@marauder.physik.uni-ulm.de>
Reply-To: Reiner Steib <Reiner.Steib@gmx.de>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1505167226 32591 195.159.176.226 (11 Sep 2017 22:00:26 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Mon, 11 Sep 2017 22:00:26 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
To: info-gnus-english@gnu.org, ding@gnus.org
Original-X-From: ding-owner+m35876@lists.math.uh.edu Tue Sep 12 00:00:18 2017
Return-path: <ding-owner+m35876@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from mxfilter-048035.atla03.us.yomura.com ([107.189.48.35])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <ding-owner+m35876@lists.math.uh.edu>)
	id 1drWkP-0007VT-2N
	for ding-account@gmane.org; Tue, 12 Sep 2017 00:00:05 +0200
X-Yomura-MXScrub: 1.0
Original-Received: from lists1.math.uh.edu (unknown [129.7.128.208])
	by mxfilter-048035.atla03.us.yomura.com (Halon) with ESMTPS
	id 9433047b-973c-11e7-9af4-b499baabecb2;
	Mon, 11 Sep 2017 22:00:10 +0000 (UTC)
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by lists1.math.uh.edu with smtp (Exim 4.87)
	(envelope-from <ding-owner+M35876@lists.math.uh.edu>)
	id 1drWjU-0005fD-9n; Mon, 11 Sep 2017 16:59:08 -0500
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by lists1.math.uh.edu with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.87)
	(envelope-from <junkmaster@quimby.gnus.org>)
	id 1drWiH-0005do-32
	for ding@lists.math.uh.edu; Mon, 11 Sep 2017 16:57:53 -0500
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtps (TLSv1.2:DHE-RSA-AES128-SHA:128)
	(Exim 4.87)
	(envelope-from <junkmaster@quimby.gnus.org>)
	id 1drWiF-0007mA-Oe
	for ding@lists.math.uh.edu; Mon, 11 Sep 2017 16:57:52 -0500
Original-Received: from mail-wm0-f53.google.com ([74.125.82.53])
	by quimby.gnus.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80)
	(envelope-from <reinersteib@gmail.com>)
	id 1drWht-0001XE-18
	for ding@gnus.org; Mon, 11 Sep 2017 23:57:35 +0200
Original-Received: by mail-wm0-f53.google.com with SMTP id f199so49480809wme.0
        for <ding@gnus.org>; Mon, 11 Sep 2017 14:57:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:subject:reply-to:mail-copies-to:date:message-id:user-agent
         :mime-version;
        bh=uujcyV2G0cmAaht5eN01WabhvWWWAd/EcwzK4WSXojM=;
        b=Fwom8/ZGv+JgoE6xbTK4tlXe+XhkK9UWdI+hoD2fXpvp+SQw7MlP8vph2X78WxnCHt
         9+QEaCDfTQglD8ec5zB9VLB52nBkPofZ0cLVvDLS+IplsmE5Gu3LxcIBkwyKWzO/f5O4
         kKY/I9a5Ro3tl9qh9p9EkOWS5H3Lc1mfAWwC35F/KOChOA7vaBBAwkoL4jVN5t1vrp5d
         RPNugOq0YHSJlNp4+GXFCuf/bHC3rvhF0mMa3HJHpCAVGG6qZJGmv4L8YQURdv27/6Zi
         flFvoHj/M1MbqJIGxCX10k4jo9l7ytGS16Xwl8h6GyxQ10psantNE0cNKZQnAgtvo6BJ
         2I2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:subject:reply-to:mail-copies-to:date
         :message-id:user-agent:mime-version;
        bh=uujcyV2G0cmAaht5eN01WabhvWWWAd/EcwzK4WSXojM=;
        b=iKHsopbKeYr1CAfLbz3sPqE5Pue8/6sp0/5zoWRCQOKxUBh71UiMewd3LcQlvrQOjR
         Bw6/rZDFWKhQx0Yp2nOgb3U+4SVXRAL+MPcj6DYfUvmyp5enl659J0dVWF3Ncsh27dLP
         7ttfoWdjkJrsE4GAogXWs86bkeT+4qEr/KSNVyDiPA3H1Ouv4Q8uunXmYLN42eSK+e1S
         UUFZAh6An5cLyHuJwWehlF2/lG/6issKUZ6DGWpoKmQxdBlfZyRVhF1E5Dwbw+/5rlvi
         hHPcdRa+zqDRnv4CLtymnIi/yVLLVdmooW0lsCU9+690QSnB7piiF51wZHDe5CW+nKaJ
         0zjg==
X-Gm-Message-State: AHPjjUhMZgleT8rcPK4/ziAj9+Cw3CzwDeFXtHTYQK4Irscpn3S82PpN
	ZPdidJNLwK/bBIfv
X-Google-Smtp-Source: ADKCNb6LHZ8lGZf2Vq6Bl6J3fRceM0fzgd7X72IhqcS/8RdCwh3yROK3p1m9lYvIk40qprt+w0FAjw==
X-Received: by 10.80.224.201 with SMTP id j9mr10553420edl.216.1505167042975;
        Mon, 11 Sep 2017 14:57:22 -0700 (PDT)
Original-Received: from t530 (x5f749268.dyn.telefonica.de. [95.116.146.104])
        by smtp.gmail.com with ESMTPSA id s14sm4485535edk.89.2017.09.11.14.57.21
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 11 Sep 2017 14:57:22 -0700 (PDT)
X-Google-Original-From: Reiner Steib <reiner.steib+gmane-2017@gmail.com>
X-Face: 1;h7XMU[7l}$T@J.D}5z*w8Tg'}B5ArAWc8>2X~otB;kOjKs8X%|hTC#dG:%Vpx")x7S/`v
 :VXU#fZW$X$zdhEU.RfVQ@<-m9IuN{Hm"fW{,5]6kR'M*vEs+{5Cj!L(JTRzA$(},?5J=sm;%Od<wF
 n1tFjn=\ebMD[/DscC9744!blS5-Dv$;1+XwE%^"5_m:{((&;\^I,d-B,DlxRl{qX=`qGHSuz*u9(_
 #@5fNMe%j-vp[[P.L^xFvkpFgC7oivb)!]
Mail-Copies-To: nobody
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:87661 gmane.emacs.gnus.user:18708
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/87661>

Emacs 25.3 is an emergency release to fix a security vulnerability
that is exploitable remotely in Emacs-based mail clients (such as
Gnus).

Please update to Emacs 25.3 as soon as possible:
http://lists.gnu.org/archive/html/info-gnu-emacs/2017-09/msg00000.html

To work around the bug in Emacs versions before 25.3, put the
following code in your personal or site-wide Emacs init file
(~/.emacs, ~/emacs.d/init.el, site-start.el):

  (eval-after-load "enriched"
    '(defun enriched-decode-display-prop (start end &optional param)
       (list start end)))

See also <http://www.openwall.com/lists/oss-security/2017/09/11/1>.

Bye, Reiner.