Add workaround for Emacs 28.2 vulnerablities

zk-phi · Mar 6, 2023 · 9d9652e · 9d9652e
1 parent c562b21
commit 9d9652e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/emacs/.emacs.d/init.el b/emacs/.emacs.d/init.el
@@ -14,6 +14,15 @@
         setup-disable-magic-file-name t))
 (setup-initialize)
 
+;; vuln workaround (see also .zshrc)
+
+(setup-after "htmlfontify"
+  (defun hfy-text-p (srcdir file)
+    (error "this function is known to be vulnerable in emacs 28.2 (CVE-2022-48339)")))
+(setup-after "ruby-mode"
+  (defun ruby-find-library-file (&optional feature-name)
+    (error "this function is known to be vulnerable in emacs 28.2 (CVE-2022-48338)")))
+
 ;; + Cheat Sheet :
 ;; + | global
 

diff --git a/zsh/.zshrc b/zsh/.zshrc
@@ -1,5 +1,14 @@
 ZSH=$HOME/.zsh.d
 
+# vuln workaround (see also init.el)
+
+function etags {
+    echo "etags in Emacs 28.2 is known to be vulnerable (CVE-2022-48337)"
+}
+function ctags {
+    echo "ctags in Emacs 28.2 is known to be vulnerable (CVE-2022-45939)"
+}
+
 # ------------------------------
 # load plugins
 # ------------------------------