Date: Tue, 12 Sep 2017 07:22:51 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: GNU Emacs 25.2 enriched text remote code execution Hi On Mon, Sep 11, 2017 at 08:58:57PM +0200, Salvatore Bonaccorso wrote: > Hi Paul, > > On Sun, Sep 10, 2017 at 11:56:20PM -0700, Paul Eggert wrote: > > GNU Emacs is an extensible, customizable, free/libre text editor and > > software environment. When Emacs renders MIME text/enriched data (Internet > > RFC 1896), it is vulnerable to arbitrary code execution. Since Emacs-based > > mail clients decode "Content-Type: text/enriched", this code is exploitable > > remotely. This bug affects GNU Emacs versions 19.29 through 25.2. > > > > Although we know no efforts to exploit this in the wild, exploitation is easy. > [...] > > == Timeline == > > > > 2017-09-04. Bug reported to the Emacs bug tracker by Charles A. Roelli. > > > > 2017-09-07. POC for remote code execution sent to the maintainers of Emacs > > and Gnus (Reiner Steib <Reiner.Steib@....de>, private mail). > > > > 2017-09-08. Patch (by Lars Ingebrigtsen <larsi@...s.org>) to disable the > > problematic code and mitigation (private mail). > > > > 2017-09-09. Patch committed in main development repository. > > Have you requested a CVE for this issue? FTR, it seems this was submitted to DWF already as per: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350#63 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ