Control: found -1 1:28.2+1-15
On Sun, 24 Mar 2024 16:53:55 -0300 David Bremner wrote:
> ** Arbitrary Lisp code is no longer evaluated as part of turning on Org mode.
> This is for security reasons, to avoid evaluating malicious Lisp code.
Emacs-28 in Debian 12 bookworm requires the fix as well.
Source: org-mode
versions 9.5 and 9.6 till 9.6.23 are affected as well.
> ** LaTeX preview is now by default disabled for email attachments.
> To get back previous insecure behavior, set the variable
> 'org--latex-preview-when-risky' to a non-nil value.
This one is rather old, so almost certainly even Emacs-26 is affected.
On the other hand its severity is not so high and only users having
latex packages installed are affected.
See also
Ihor Radchenko to emacs-orgmode… [ANN] Emergency bugfix release: Org
mode 9.6.23. Sun, 24 Mar 2024 17:16:50 +0000.
https://list.orgmode.org/871q7zbldp.fsf@localhost
The fix for LaTeX evaluation requires Emacs 29.3 and will not work for
the earlier Emacs versions. If upgrading Emacs is not viable, as a
workaround, you can set `org-preview-latex-default-process' to 'verbatim
- this will disable LaTeX previews and avoid the vulnerability.