Re: 2023-02-27 Emacs news

2023-02-28 Thread Jean Louis
* Emanuel Berg [2023-02-28 06:26]:
> Maybe the Emacs community _is_ big, after all ...
>
> > - Security:
> >   - [CVE-2022-48337: GNU Emacs through 28.2 allows attackers to execute
> >     commands via shell metacharacters in the name of a source-code file]
> >     (

Re: 2023-02-27 Emacs news

2023-02-28 Thread Yuri Khan
On Tue, 28 Feb 2023 at 18:51, Jean Louis wrote:
> But... it is source, one can put anything inside like
> (shell-command "sudo rm -rf /")
>
> Those "CVE" bugs are exaggerated.
>
> Like this one:
>
> https://security-tracker.debian.org/tracker/CVE-2022-48338
> "malicious Ruby source files may caus

Re: 2023-02-27 Emacs news

2023-02-28 Thread Dmitry Gutov
On 28/02/2023 16:05, Yuri Khan wrote: If you open a malicious source file in an editor, you don’t expect it to execute any code written within, surely not before you press the Run key. If opening a file for editing trashes your home directory, it’s a bug and a vulnerability. If opening a file for

Re: 2023-02-27 Emacs news

2023-02-28 Thread Yuri Khan
On Wed, 1 Mar 2023 at 01:08, Dmitry Gutov wrote:
>
> On 28/02/2023 16:05, Yuri Khan wrote:
> > If you open a malicious source file in an editor, you don’t expect it
> > to execute any code written within, surely not before you press the
> > Run key. If opening a file for editing trashes your home

Re: 2023-02-27 Emacs news

2023-02-28 Thread Dmitry Gutov
On 28/02/2023 20:56, Yuri Khan wrote: On Wed, 1 Mar 2023 at 01:08, Dmitry Gutov wrote: On 28/02/2023 16:05, Yuri Khan wrote: If you open a malicious source file in an editor, you don’t expect it to execute any code written within, surely not before you press the Run key. If opening a file for