Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: Re: Is CVE-2024-30203 bogus? (Emacs)

Related Vulnerabilities: CVE-2024-30203   CVE-2024-30204  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Re: Is CVE-2024-30203 bogus? (Emacs)

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Salvatore Bonaccorso &lt;carnil () debian org&gt;

Date: Wed, 10 Apr 2024 16:17:15 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,

On Wed, Apr 10, 2024 at 12:04:06PM +0000, Ihor Radchenko wrote:
Sean Whitton &lt;spwhitton () spwhitton name&gt; writes:

Hmm, thank you, but let me ask a follow-up question: do you agree with
me that there is only one security flaw covered by these two CVEs, and
CVE-2024-30203 is the superfluous one?

Yes, CVE-2024-30203 title is superfluous.
And CVE-2024-30204 title is not accurate - it only applies to
certain attachments with specific (text/x-org) mime type.

Note that the CVE assignment (by MITRE as assigning CNA) for
CVE-2024-30203 is explicitly as follows:

In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

associated with:

https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&amp;id=937b9042ad7426acdcca33e3d931d8f495bdd804

If you think the CVE assignment is not valid, then you might ask for a
REJECT on https://cveform.mitre.org/ .

Regards,
Salvatore

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 08)

Re: Is CVE-2024-30203 bogus? (Emacs) Eli Zaretskii (Apr 08)

Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin (Apr 08)

Re: Is CVE-2024-30203 bogus? (Emacs) Ihor Radchenko (Apr 08)

Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 10)

Re: Is CVE-2024-30203 bogus? (Emacs) Ihor Radchenko (Apr 10)
Re: Re: Is CVE-2024-30203 bogus? (Emacs) Salvatore Bonaccorso (Apr 10)
Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin (Apr 10)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started