oss-sec mailing list archives
Re: GNU Emacs 25.2 enriched text remote code execution
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 12 Sep 2017 20:08:00 +0200
* Paul Eggert:
== Mitigation == To work around the bug in unfixed versions of Emacs, put the following code in your personal or site-wide Emacs init file (~/.emacs, ~/emacs.d/init.el, site-start.el): ;; Mitigate Bug#28350 (security) in Emacs 25.2 and earlier. (eval-after-load "enriched" '(defun enriched-decode-display-prop (start end &optional param) (list start end)))
This does not override the function in all cases when enriched is loaded. Something like this would be more reliable, but it will of course slow down the starting of Emacs: (require 'enriched) (defun enriched-decode-display-prop (start end &optional param) (list start end))
Current thread:
- GNU Emacs 25.2 enriched text remote code execution Paul Eggert (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 14)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Florian Weimer (Sep 12)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)