Re: [POLL] Bug or Feature? Attack vector via deceiving link abbrevs (was: [ANN] Emergency bugfix release: Org mode 9.7.5)

2024-06-28 Thread Steven Allen
Ihor Radchenko writes: > Ihor Radchenko writes: > >> I just released Org mode 9.7.5 that fixes a critical vulnerability. >> The release is coordinated with emergency Emacs 29.4 release. > > This one is another potential issue (or a feature) we have found while > discussing the main

[POLL] Bug or Feature? Attack vector via deceiving link abbrevs (was: [ANN] Emergency bugfix release: Org mode 9.7.5)

2024-06-28 Thread Ihor Radchenko
Ihor Radchenko writes: > I just released Org mode 9.7.5 that fixes a critical vulnerability. > The release is coordinated with emergency Emacs 29.4 release. This one is another potential issue (or a feature) we have found while discussing the main vulnerability. Currently, one can create an

[POLL] We plan to remove #+LINK: ...%(my-function) placeholder from link abbreviation spec (was: [ANN] Emergency bugfix release: Org mode 9.7.5)

2024-06-28 Thread Ihor Radchenko
Dear all, > I just released Org mode 9.7.5 that fixes a critical vulnerability. > The release is coordinated with emergency Emacs 29.4 release. > ... > The vulnerability involves arbitrary Shell code evaluation... In view of the recent vulnerability, we are considering removing the offending
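As an added illustration (this is not Org mode's own code and not the 9.7.5 fix), the Emacs Lisp below shows why a "%(function)" placeholder whose function name is read from the document amounts to letting the document run code, and the allowlist check a hardened expander needs before calling anything named that way. Every identifier in it (the demo-* names) and both "#+LINK:" lines are made up for the example.

```elisp
;; Added illustration, not Org mode's code.  All demo-* names are invented.

(defun demo-parse-link-abbrev (line)
  "Parse a \"#+LINK: KEY REPLACEMENT\" LINE into (KEY . REPLACEMENT).
Return nil if LINE is not a link abbreviation."
  (when (string-match "^#\\+LINK:[ \t]+\\([^ \t]+\\)[ \t]+\\(.*\\)$" line)
    (cons (match-string 1 line) (match-string 2 line))))

(defun demo-expand-unsafe (replacement tag)
  "Expand REPLACEMENT for TAG the dangerous way.
If REPLACEMENT is \"%(NAME)\", call whatever function NAME denotes,
even though NAME came straight out of the file being visited."
  (if (string-match "^%(\\([^)]+\\))$" replacement)
      (funcall (intern (match-string 1 replacement)) tag)
    (replace-regexp-in-string "%s" tag replacement t t)))

(defconst demo-safe-abbrev-functions '(demo-upcase-tag)
  "Functions a document is allowed to name in a %(NAME) placeholder.")

(defun demo-expand-safe (replacement tag)
  "Like `demo-expand-unsafe', but refuse any function not in the allowlist."
  (if (string-match "^%(\\([^)]+\\))$" replacement)
      (let ((fn (intern-soft (match-string 1 replacement))))
        (if (and fn (memq fn demo-safe-abbrev-functions))
            (funcall fn tag)
          (error "Refusing to call %s from a link abbreviation"
                 (match-string 1 replacement))))
    (replace-regexp-in-string "%s" tag replacement t t)))

;; The one allowlisted helper: builds a URL from the tag.
(defun demo-upcase-tag (tag)
  (concat "https://example.invalid/" (upcase tag)))

;; Stand-in for a function the document author should not be able to
;; trigger (in the real issue, one that runs a shell command).  Here it
;; only records that it was called.
(defvar demo-side-effect-ran nil)
(defun demo-side-effect (_tag)
  (setq demo-side-effect-ran t)
  "side effect happened")

;; Constructed inputs, as they would appear at the top of an Org file.
(let ((good (demo-parse-link-abbrev "#+LINK: up %(demo-upcase-tag)"))
      (bad  (demo-parse-link-abbrev "#+LINK: evil %(demo-side-effect)")))
  ;; Unsafe expander: calls whatever the file names, so the flag flips.
  (demo-expand-unsafe (cdr bad) "x")
  ;; Safe expander: the allowlisted function works, the other is refused
  ;; with an error whose message names the rejected function.
  (list (demo-expand-safe (cdr good) "abc")
        (condition-case err
            (demo-expand-safe (cdr bad) "x")
          (error (cadr err)))
        demo-side-effect-ran))
```

Evaluate the buffer in Emacs (for example with `eval-buffer`); the final form returns the expanded safe link, the refusal message for the disallowed placeholder, and t, the last showing that the unsafe expander had already executed the document-chosen function. The point of the allowlist is that the document may still pick a function, but only from a set the user or configuration, not the file, decided on.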

Assigned: CVE-2024-39331 (was: [ANN] Emergency bugfix release: Org mode 9.7.5)

2024-06-24 Thread Ihor Radchenko
Ihor Radchenko writes: > emacs-orgm...@city17.xyz writes: > >> Will a CVE be released? > > Should be, I think. > If nobody reports it independently by tomorrow, I will look into how to > request a CVE number myself. https://www.cve.org/CVERecord?id=CVE-2024-39331 -- Ihor Radchenko //

Re: [ANN] Emergency bugfix release: Org mode 9.7.5

2024-06-24 Thread Bastien Guerry
Ihor Radchenko writes: > I just released Org mode 9.7.5 that fixes a critical vulnerability. > The release is coordinated with emergency Emacs 29.4 release. Thank you a lot for your diligent and careful work on this! -- Bastien Guerry

Re: [ANN] Emergency bugfix release: Org mode 9.7.5

2024-06-22 Thread Steven Allen
Greg Troxel writes: > (Thanks for fixing and your efforts on org. I've been an org user since > at least July of 2010.) > > Just to be clear, is this the commit that needs applying to emacs > sources, 29.3, 28.x, and so on? Yes, that's the correct commit. > It seems so, but I would rather not

Re: [ANN] Emergency bugfix release: Org mode 9.7.5

2024-06-22 Thread Greg Troxel
(Thanks for fixing and your efforts on org. I've been an org user since at least July of 2010.) Just to be clear, is this the commit that needs applying to emacs sources, 29.3, 28.x, and so on? It seems so, but I would rather not guess. I'm asking on behalf of pkgsrc, where I am managing the

Re: [ANN] Emergency bugfix release: Org mode 9.7.5

2024-06-22 Thread Ihor Radchenko
emacs-orgm...@city17.xyz writes: > Will a CVE be released? Should be, I think. If nobody reports it independently by tomorrow, I will look into how to request a CVE number myself. > ... I am interested if there are mitigating factors > such as using `emacs -nw` (without GUI), thus no possible

Re: [ANN] Emergency bugfix release: Org mode 9.7.5

2024-06-22 Thread emacs-orgmode
Ihor Radchenko writes: I just released Org mode 9.7.5 that fixes a critical vulnerability. The release is coordinated with emergency Emacs 29.4 release. Thanks for the release and the announcement. Will a CVE be released? I am interested if there are mitigating factors such as using `emacs

Re: [ANN] Emergency bugfix release: Org mode 9.7.5

2024-06-22 Thread Ihor Radchenko
Ihor Radchenko writes: > Please upgrade your Org mode *and* Emacs ASAP. *Org mode or Emacs. The fix is purely in Org code, so upgrading Emacs is only needed when you want to use built-in Org mode. Otherwise, it is enough to upgrade Org mode via ELPA (the tarball will be available soon, after

[ANN] Emergency bugfix release: Org mode 9.7.5

2024-06-22 Thread Ihor Radchenko
Dear all, I just released Org mode 9.7.5 that fixes a critical vulnerability. The release is coordinated with emergency Emacs 29.4 release. Please upgrade your Org mode *and* Emacs ASAP. The vulnerability involves arbitrary Shell code evaluation when previewing attachments in Emacs MUA