Date: Tue, 12 Sep 2017 20:08:00 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: Paul Eggert <eggert@...ucla.edu> Cc: oss-security@...ts.openwall.com Subject: Re: GNU Emacs 25.2 enriched text remote code execution * Paul Eggert: > == Mitigation == > > To work around the bug in unfixed versions of Emacs, put the following code in > your personal or site-wide Emacs init file (~/.emacs, ~/emacs.d/init.el, > site-start.el): > > ;; Mitigate Bug#28350 (security) in Emacs 25.2 and earlier. > (eval-after-load "enriched" > '(defun enriched-decode-display-prop (start end &optional param) > (list start end))) This does not override the function in all cases when enriched is loaded. Something like this would be more reliable, but it will of course slow down the starting of Emacs: (require 'enriched) (defun enriched-decode-display-prop (start end &optional param) (list start end))
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.