|
Message-ID: <87o7ahe85l.fsf@localhost> Date: Wed, 10 Apr 2024 12:04:06 +0000 From: Ihor Radchenko <yantar92@...teo.net> To: Sean Whitton <spwhitton@...hitton.name> Cc: emacs@...kages.debian.org, emacs-devel@....org, oss-security@...ts.openwall.com Subject: Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton <spwhitton@...hitton.name> writes: > Hmm, thank you, but let me ask a follow-up question: do you agree with > me that there is only one security flaw covered by these two CVEs, and > CVE-2024-30203 is the superfluous one? Yes, CVE-2024-30203 title is superfluous. And CVE-2024-30204 title is not accurate - it only applies to certain attachments with specific (text/x-org) mime type. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.