Opened 7 years ago
Closed 7 years ago
#9755 closed enhancement (fixed)
emacs-25.3
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | normal | Milestone: | 8.2 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version.
Change History (3)
comment:1 by , 7 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 7 years ago
Note:
See TracTickets
for help on using tickets.
Changes in Emacs 25.3
This is an emergency release to fix a security vulnerability in Emacs.
This feature allows saving 'display' properties as part of text. Emacs 'display' properties support evaluation of arbitrary Lisp forms as part of instantiating the property, so decoding 'x-display' is vulnerable to executing arbitrary malicious Lisp code included in the text (e.g., sent as part of an email message).
This vulnerability was introduced in Emacs 19.29. To work around that in Emacs versions before 25.3, append the following to your ~/.emacs init file: