Opened 7 years ago

Closed 7 years ago

#9755 closed enhancement (fixed)

emacs-25.3

Reported by: bdubbs@…
Owned by: bdubbs@…
Priority: normal
Milestone: 8.2
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (3)

comment:1 by bdubbs@…, 7 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: new → assigned

comment:2 by bdubbs@…, 7 years ago

Changes in Emacs 25.3

This is an emergency release to fix a security vulnerability in Emacs.

  • Security vulnerability related to Enriched Text mode is removed.
  • Enriched Text mode has its support for decoding 'x-display' disabled.

This feature allows saving 'display' properties as part of text. Emacs 'display' properties support evaluation of arbitrary Lisp forms as part of instantiating the property, so decoding 'x-display' is vulnerable to executing arbitrary malicious Lisp code included in the text (e.g., sent as part of an email message).

This vulnerability was introduced in Emacs 19.29. To work around that in Emacs versions before 25.3, append the following to your ~/.emacs init file:

  (eval-after-load "enriched"
    '(defun enriched-decode-display-prop (start end &optional param)
       (list start end)))

  • Gnus no longer supports "richtext" and "enriched" inline MIME objects. This support was disabled to avoid evaluation of arbitrary Lisp code contained in email messages and news articles.
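
A defensive check for the 'x-display' decoding issue quoted in comment:2, as an added example that is not part of the original ticket or of the Emacs release notes: it flags text/enriched content (a mail part or a saved Enriched Text file) that carries an `<x-display>` annotation, so it can be reviewed before being opened in an Emacs older than 25.3. The function names and both sample inputs are constructed for illustration; only text/enriched parts are scanned, and the `<<` escape of the text/enriched format is honoured.

```python
import re
from email import message_from_string

# text/enriched annotations look like <name> ... </name>;
# "<<" is the format's escape for a literal "<" and is not an annotation.
ANNOTATION = re.compile(r"<<|<(/?)([A-Za-z0-9-]+)>")


def find_x_display(body):
    """Return character offsets of opening <x-display> annotations."""
    hits = []
    for m in ANNOTATION.finditer(body):
        if m.group(0) == "<<":  # escaped "<", plain text
            continue
        # Annotation names are matched case-insensitively.
        if m.group(1) == "" and m.group(2).lower() == "x-display":
            hits.append(m.start())
    return hits


def scan_message(raw):
    """Return (content_type, offsets) for each text/enriched part with x-display."""
    findings = []
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype != "text/enriched":
            continue
        payload = part.get_payload(decode=True) or b""
        offsets = find_x_display(payload.decode("utf-8", errors="replace"))
        if offsets:
            findings.append((ctype, offsets))
    return findings


# Constructed sample: enriched text with one x-display annotation.
# The <param> content is a placeholder, not a real display specification.
SAMPLE_FLAGGED = (
    "Content-Type: text/enriched\n"
    "Text-Width: 70\n"
    "\n"
    "<x-display><param>(PLACEHOLDER-DISPLAY-SPEC)</param>shown text</x-display>\n"
)
# Constructed sample: the tag name appears only in escaped form, so it is plain text.
SAMPLE_CLEAN = (
    "Content-Type: text/enriched\n"
    "\n"
    "Write <<x-display> to show the tag literally, or use <bold>bold</bold>.\n"
)
```

A saved Enriched Text file begins with the same `Content-Type: text/enriched` header as a mail part, so `scan_message` accepts either as input.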

comment:3 by bdubbs@…, 7 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 19236.
