Vladimir G. Ivanovic writes:
Is there an established procedure for dealing with bugs like the
following? Is there an established for noticing & tracking security
No and no. If somebody has time to fix such things, that would be
nice, but there are so many ways to get code executed in Emacsen I
shiver to think there's anybody out there who would refuse to use an
Emacs without a patch for this bug, but would use an Emacs with a
patch for it.
Before we go spending energy on alleged security bugs, we should think
more carefully about what we want our security posture to be. I note
that the Python developers eventually gave up on "restricted mode",
Absent any instruction, I will file a high priority bug. (Is it
possible mark bugs as security-related in Tracker?)
Yes, in the severity field, there's a "security" tag.
XEmacs-Beta mailing list