[OS X Emacs] Security: Gnus & GNU Emacs 25.2 enriched text remote code execution
David Reitter
david.reitter at gmail.com
Sun Sep 17 16:45:23 EDT 2017
I merged Emacs 25.3 with Aquamacs earlier today, so the next nightly build will contain this fix.
--
http://aquamacs.org -- Aquamacs: Emacs on Mac OS X
http://aquamacs.org/donate -- Could we help you? Return the favor and support the Aquamacs Project!
> On Sep 16, 2017, at 1:56 PM, Clemens Schüller <c.schueller at mailbox.org> wrote:
>
> Hello David!
>
> Short question:
>
> Is this bug fixed in the nightlies of Aquamacs?
>
>
> Best Regards, Clemens Schüller
>
> --8<---------------cut here---------------start------------->8---
> Emacs 25.3 is an emergency release to fix a security vulnerability
> that is exploitable remotely in Emacs-based mail clients (such as
> Gnus).
>
> Please update to Emacs 25.3 as soon as possible:
> http://lists.gnu.org/archive/html/info-gnu-emacs/2017-09/msg00000.html
>
> To work around the bug in Emacs versions before 25.3, put the
> following code in your personal or site-wide Emacs init file
> (~/.emacs, ~/emacs.d/init.el, site-start.el):
>
> (eval-after-load "enriched"
> '(defun enriched-decode-display-prop (start end &optional param)
> (list start end)))
>
> See also <http://www.openwall.com/lists/oss-security/2017/09/11/1>.
> --8<---------------cut here---------------end--------------->8---
More information about the MacOSX-Emacs
mailing list