Gentoo security alert 200902-06 (emacs)
Stephen J. Turnbull
stephen at xemacs.org
Thu Feb 26 19:05:08 EST 2009
Vladimir G. Ivanovic writes:

> Is there an established procedure for dealing with bugs like the
> following? Is there an established for noticing & tracking security
> issues?

No and no. If somebody has time to fix such things, that would be
nice, but there are so many ways to get code executed in Emacsen I
shiver to think there's anybody out there who would refuse to use an
Emacs without a patch for this bug, but would use an Emacs with a
patch for it.

Before we go spending energy on alleged security bugs, we should think
more carefully about what we want our security posture to be. I note
that the Python developers eventually gave up on "restricted mode",
etc.

> Absent any instruction, I will file a high priority bug. (Is it
> possible to mark bugs as security-related in Tracker?)

Yes, in the severity field, there's a "security" tag.