oss-security - Re: Is CVE-2024-30203 bogus? (Emacs)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 10 Apr 2024 12:04:06 +0000
From: Ihor Radchenko <yantar92@...teo.net>
To: Sean Whitton <spwhitton@...hitton.name>
Cc: emacs@...kages.debian.org, emacs-devel@....org,
 oss-security@...ts.openwall.com
Subject: Re: Is CVE-2024-30203 bogus? (Emacs)

Sean Whitton <spwhitton@...hitton.name> writes:

> Hmm, thank you, but let me ask a follow-up question: do you agree with
> me that there is only one security flaw covered by these two CVEs, and
> CVE-2024-30203 is the superfluous one?

Yes, CVE-2024-30203 title is superfluous.
And CVE-2024-30204 title is not accurate - it only applies to
certain attachments with specific (text/x-org) mime type.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.