Opened 5 weeks ago

Closed 5 weeks ago

#19537 closed enhancement (fixed)

emacs-29.3

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: high
Milestone: 12.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (5)

comment:1 by Douglas R. Reno, 5 weeks ago

Priority: normal → high

Contains some security fixes:

* Changes in Emacs 29.3
Emacs 29.3 is an emergency bugfix release intended to fix several
security vulnerabilities described below.

** Arbitrary Lisp code is no longer evaluated as part of turning on Org mode.
This is for security reasons, to avoid evaluating malicious Lisp code.

** New buffer-local variable 'untrusted-content'.
When this is non-nil, Lisp programs should treat buffer contents with
extra caution.

** Gnus now treats inline MIME contents as untrusted.
To get back previous insecure behavior, 'untrusted-content' should be
reset to nil in the buffer.

** LaTeX preview is now by default disabled for email attachments.
To get back previous insecure behavior, set the variable
'org--latex-preview-when-risky' to a non-nil value.

** Org mode now considers contents of remote files to be untrusted.
Remote files are recognized by calling 'file-remote-p'. 

Marked as High because this is classified as an emergency by upstream.

comment:2 by Bruce Dubbs, 5 weeks ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:3 by Douglas R. Reno, 5 weeks ago

CVEs have been assigned - CVE-2024-30205, CVE-2024-30204, CVE-2024-30203, and CVE-2024-30202

comment:4 by Bruce Dubbs, 5 weeks ago

Fixed at commit 37057adbd5. Leaving open for security advisory.

comment:5 by Douglas R. Reno, 5 weeks ago

Resolution: fixed
Status: assigned → closed

SA-12.1-014 issued
