Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
Control: tags -1 patch I've been using my patch for several months without any visible drawback. On 2015-03-02 19:28:05 +0100, Moritz Muehlenhoff wrote: On Mon, Dec 29, 2014 at 06:58:55PM +0100, Vincent Lefevre wrote: Control: tags -1 security On 2014-12-28 16:29:12 +0100, Vincent Lefevre wrote: Note: This bug occurs very often and is very annoying, as one needs to reselect what was selected (sometimes hardly possible). Moreover the wrongly pasted text is similar to the correct text[*], meaning that if one doesn't pay attention, one gets a file with permanently incorrect data! Grrr... That's also a security problem. Due to this bug, a paste with a middle click in a web browser can end up in pasting private data! And Javascript can provide the pasted text to the web site immediately (Facebook does that), before the user can notice the problem. That's certainly a bug, but not an RC-level security issue. I disagree. Potentially leaking private data (which is a direct consequence of this bug) should be regarded as a RC-level security issue. This bug can also yield data loss. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
severity -1 important thanks On Mon, Dec 29, 2014 at 06:58:55PM +0100, Vincent Lefevre wrote: Control: tags -1 security On 2014-12-28 16:29:12 +0100, Vincent Lefevre wrote: Note: This bug occurs very often and is very annoying, as one needs to reselect what was selected (sometimes hardly possible). Moreover the wrongly pasted text is similar to the correct text[*], meaning that if one doesn't pay attention, one gets a file with permanently incorrect data! Grrr... That's also a security problem. Due to this bug, a paste with a middle click in a web browser can end up in pasting private data! And Javascript can provide the pasted text to the web site immediately (Facebook does that), before the user can notice the problem. That's certainly a bug, but not an RC-level security issue. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
Seems to work ok with emacs24-nox. Perhaps using that would be a temporary workaround? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
On 2015-01-03 11:25:14 -0800, Alex Goebel wrote: Seems to work ok with emacs24-nox. Emacs from emacs24-nox does not have GUI support, so that what you observe is the behavior of the text terminal. Perhaps using that would be a temporary workaround? But losing GUI support would be a major loss of feature. Note that this is quite a recent regression, as there was no such problem with Emacs 24.3 and before. A solution could be to find what caused the change of behavior and revert the broken patch. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
Control: tags -1 security On 2014-12-28 16:29:12 +0100, Vincent Lefevre wrote: Note: This bug occurs very often and is very annoying, as one needs to reselect what was selected (sometimes hardly possible). Moreover the wrongly pasted text is similar to the correct text[*], meaning that if one doesn't pay attention, one gets a file with permanently incorrect data! Grrr... That's also a security problem. Due to this bug, a paste with a middle click in a web browser can end up in pasting private data! And Javascript can provide the pasted text to the web site immediately (Facebook does that), before the user can notice the problem. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
Package: emacs24 Version: 24.4+1-4.1 Severity: grave Justification: causes non-serious data loss Forwarded: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939 A left-click in Emacs should just change the cursor position. It shouldn't be a destructive operation. But the following test shows that it sometimes modifies the PRIMARY selection. 1. Open a file containing a line, say foo, with emacs -Q. 2. When the cursor is at the beginning, type C-k. 3. Select text in some other window that supports the PRIMARY selection (xterm, some other Emacs window, etc.). 4. Left-click in the initial Emacs window. 5. Middle-click in some window that supports middle-click paste of the PRIMARY selection (xterm, Emacs, etc.). Instead of pasting the previously selected text, this pastes what was cut with C-k in Emacs. Note: This bug occurs very often and is very annoying, as one needs to reselect what was selected (sometimes hardly possible). Moreover the wrongly pasted text is similar to the correct text[*], meaning that if one doesn't pay attention, one gets a file with permanently incorrect data! [*] This problem precisely occurs when one wants to update some data in a file with Emacs: one cuts the old data, select the new data somewhere else, and pastes back to the Emacs window; but due to this bug, what is pasted is sometimes what was cut, i.e. the old data. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages emacs24 depends on: ii emacs24-bin-common 24.4+1-4.1 ii gconf-service 3.2.6-3 ii libacl12.2.52-2 ii libasound2 1.0.28-1 ii libatk1.0-02.14.0-1 ii libc6 2.19-13 ii libcairo-gobject2 1.14.0-2.1 ii libcairo2 1.14.0-2.1 ii libdbus-1-31.8.12-3 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-2 ii libgconf-2-4 3.2.6-3 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libgif44.1.6-11 ii libglib2.0-0 2.42.1-1 ii libgnutls-deb0-28 3.3.8-5 ii libgomp1 4.9.2-10 ii libgpm21.20.4-6.1+b2 ii libgtk-3-0 3.14.5-1 ii libice62:1.0.9-1+b1 ii libjpeg62-turbo1:1.3.1-11 ii libm17n-0 1.6.4-3 ii libmagickcore-6.q16-2 8:6.8.9.9-4 ii libmagickwand-6.q16-2 8:6.8.9.9-4 ii libotf00.9.13-2 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-01.36.8-3 ii libpng12-0 1.2.50-2+b2 ii librsvg2-2 2.40.5-1 ii libselinux12.3-2 ii libsm6 2:1.2.2-1+b1 ii libtiff5 4.0.3-11 ii libtinfo5 5.9+20140913-1+b1 ii libx11-6 2:1.6.2-3 ii libxft22.3.2-1 ii libxinerama1 2:1.1.3-1+b1 ii libxml22.9.1+dfsg1-3 ii libxpm41:3.5.11-1+b1 ii libxrandr2 2:1.4.2-1+b1 ii libxrender11:0.9.8-1+b1 ii zlib1g 1:1.2.8.dfsg-2+b1 emacs24 recommends no packages. Versions of packages emacs24 suggests: ii emacs24-common-non-dfsg 24.4+1-2 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
