Hello, On Wed 05 Feb 2025 at 07:22pm +07, Max Nikulin wrote:
> On 25/01/2025 19:30, Sean Whitton wrote: >> We want to fix this for trixie. I hope that Emacs 30.1 comes out before >> our freeze, then we will just upload that. > > Emacs-29 in trixie as a stable release certainly would be disappointing. > > My primary concern are Emacs-28 and Emacs-27 in current stable and > oldstable repositories. These versions have to be patched anyway. > > Notice that the CVE description does not contain the most dangerous > case. It is not really apparent even from the updated version of > the blog post despite reported as > https://debbugs.gnu.org/37656 > years ago. Please, read the bug description if your opinion is based on > early variant of the blog post. > > Completion bug is not explicitly referenced as well > https://debbugs.gnu.org/32495 > but it is discussed more extensively. Thank you for sharing the additional links. Given that the security team have decided not to issue a DSA, the fix has to land in unstable first before we look at stable and oldstable. If someone has an appropriate for for Emacs 29 we can certainly upload it. -- Sean Whitton
signature.asc
Description: PGP signature
