<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Re: Is CVE-2024-30203 bogus? (Emacs)
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 10 Apr 2024 16:17:15 +0200
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,
On Wed, Apr 10, 2024 at 12:04:06PM +0000, Ihor Radchenko wrote:
Sean Whitton <spwhitton () spwhitton name> writes:
Hmm, thank you, but let me ask a follow-up question: do you agree with
me that there is only one security flaw covered by these two CVEs, and
CVE-2024-30203 is the superfluous one?
Yes, CVE-2024-30203 title is superfluous.
And CVE-2024-30204 title is not accurate - it only applies to
certain attachments with specific (text/x-org) mime type.
Note that the CVE assignment (by MITRE as assigning CNA) for
CVE-2024-30203 is explicitly as follows:
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
associated with:
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804
If you think the CVE assignment is not valid, then you might ask for a
REJECT on https://cveform.mitre.org/ .
Regards,
Salvatore
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 08)
Re: Is CVE-2024-30203 bogus? (Emacs) Eli Zaretskii (Apr 08)
Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin (Apr 08)
Re: Is CVE-2024-30203 bogus? (Emacs) Ihor Radchenko (Apr 08)
Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 10)
Re: Is CVE-2024-30203 bogus? (Emacs) Ihor Radchenko (Apr 10)
Re: Re: Is CVE-2024-30203 bogus? (Emacs) Salvatore Bonaccorso (Apr 10)
Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin (Apr 10)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->