Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Apr 2024 16:17:15 +0200
From: Salvatore Bonaccorso <>
Cc: Sean Whitton <>,,
Subject: Re: Re: Is CVE-2024-30203 bogus? (Emacs)


On Wed, Apr 10, 2024 at 12:04:06PM +0000, Ihor Radchenko wrote:
> Sean Whitton <> writes:
> > Hmm, thank you, but let me ask a follow-up question: do you agree with
> > me that there is only one security flaw covered by these two CVEs, and
> > CVE-2024-30203 is the superfluous one?
> Yes, CVE-2024-30203 title is superfluous.
> And CVE-2024-30204 title is not accurate - it only applies to
> certain attachments with specific (text/x-org) mime type.

Note that the CVE assignment (by MITRE as assigning CNA) for
CVE-2024-30203 is explicitly as follows:

> In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

associated with:

If you think the CVE assignment is not valid, then you might ask for a


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.