From: Sean Whitton
To: Max Nikulin
Cc: oss-security@lists.openwall.com, emacs@packages.debian.org, emacs-devel@gnu.org, Ihor Radchenko
Date: Thu, 11 Apr 2024 17:12:37 +0800
Message-ID: <8734rsdzzu.fsf@melete.silentflame.com>
Subject: [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs)

Hello,

On Wed 10 Apr 2024 at 10:07pm +07, Max Nikulin wrote:

> On 10/04/2024 21:17, Salvatore Bonaccorso wrote:
>> On Wed, Apr 10, 2024 at 12:04:06PM +0000, Ihor Radchenko wrote:
>>>
>>> Yes, CVE-2024-30203 title is superfluous.
>>> And CVE-2024-30204 title is not accurate - it only applies to
>>> certain attachments with specific (text/x-org) mime type.
> [...]
>> If you think the CVE assignment is not valid, then you might ask for a
>> REJECT on https://cveform.mitre.org/ .
>
> Do 2 CVE numbers make sense to track fixes in Emacs and Org mode? Various
> versions of Org mode may be loaded to different versions of Emacs and both
> parties must have fixes to avoid the issue.

My understanding is that one CVE for the same vulnerability in multiple
code bases is normal.

-- 
Sean Whitton