Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87y19kcle1.fsf@melete.silentflame.com>
Date: Thu, 11 Apr 2024 17:13:26 +0800
From: Sean Whitton <spwhitton@...hitton.name>
To: Salvatore Bonaccorso <carnil@...ian.org>
Cc: oss-security@...ts.openwall.com,  emacs@...kages.debian.org,
  emacs-devel@....org
Subject: Re: Re: Is CVE-2024-30203 bogus? (Emacs)

Hello,

On Wed 10 Apr 2024 at 04:17pm +02, Salvatore Bonaccorso wrote:

> Note that the CVE assignment (by MITRE as assigning CNA) for
> CVE-2024-30203 is explicitly as follows:
>
>> In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
>
> associated with:
>
> https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804

This commit doesn't fix anything at all, just fyi.

> If you think the CVE assignment is not valid, then you might ask for a
> REJECT on https://cveform.mitre.org/ .

Okay, I'll do that, thanks.

-- 
Sean Whitton

Download attachment "signature.asc" of type "application/pgp-signature" (870 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.