[ANNOUNCE] Emacs 25.3 released

From: Nicolas Petton Subject: [ANNOUNCE] Emacs 25.3 released Date: Mon, 11 Sep 2017 22:52:00 +0200

Hi! Version 25.3 of the Emacs text editor is now available. For more information on Emacs, see: http://www.gnu.org/software/emacs You can retrieve the source from your nearest GNU mirror by using one of the following links: http://ftpmirror.gnu.org/emacs/emacs-25.3.tar.xz http://ftpmirror.gnu.org/emacs/emacs-25.3.tar.gz You can get the PGP signatures at http://ftp.gnu.org/gnu/emacs/emacs-25.3.tar.xz.sig http://ftp.gnu.org/gnu/emacs/emacs-25.3.tar.gz.sig You can choose a mirror explicitly from the list at: http://www.gnu.org/prep/ftp.html Mirrors may take some time to update; the main GNU ftp server is at: http://ftp.gnu.org/gnu/emacs/ This is an emergency release to fix a security vulnerability in Emacs. Enriched Text mode has its support for decoding 'x-display' disabled. This feature allows saving 'display' properties as part of text. Emacs 'display' properties support evaluation of arbitrary Lisp forms as part of instantiating the property, so decoding 'x-display' is vulnerable to executing arbitrary malicious Lisp code included in the text (e.g., sent as part of an email message). This vulnerability was introduced in Emacs 19.29. To work around that in Emacs versions before 25.3, append the following to your ~/.emacs init file: (eval-after-load "enriched" '(defun enriched-decode-display-prop (start end &optional param) (list start end))) Gnus no longer supports "richtext" and "enriched" inline MIME objects. This support was disabled to avoid evaluation of arbitrary Lisp code contained in email messages and news articles. Printed copies of the Emacs manual are available for purchase from the Free Software Foundation's online store at: http://shop.fsf.org/product/emacs-manual/ (The version on sale is updated for Emacs 24.2, but it remains a great reference book for current Emacs, and buying a copy is a great way to support the work of the FSF.) Regards, Nico

signature.asc

Description: PGP signature

reply via email to

