Ihor Radchenko writes:
> I am inclined to call this a feature, and leave the current behavior
> unchanged, but would like to hear from others first.
The responses are all in favor of keeping the existing behavior.
No changes.
Closed.
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn m
Ihor Radchenko writes:
> Ihor Radchenko writes:
>
>> I just released Org mode 9.7.5 that fixes a critical vulnerability.
>> The release is coordinated with emergency Emacs 29.4 release.
>
> This one is another potential issue (or a feature) we have found while
> discussing the main vulnerability
Ihor Radchenko writes:
> I just released Org mode 9.7.5 that fixes a critical vulnerability.
> The release is coordinated with emergency Emacs 29.4 release.
This one is another potential issue (or a feature) we have found while
discussing the main vulnerability.
Currently, one can create an Org
Dear all,
> I just released Org mode 9.7.5 that fixes a critical vulnerability.
> The release is coordinated with emergency Emacs 29.4 release.
> ...
> The vulnerability involves arbitrary Shell code evaluation...
In a view of the recent vulnerability, we are considering to remove the
offending f
Ihor Radchenko writes:
> emacs-orgm...@city17.xyz writes:
>
>> Will a CVE be released?
>
> Should be, I think.
> If nobody reports it independently by tomorrow, I will look into how to
> request a CVE number myself.
https://www.cve.org/CVERecord?id=CVE-2024-39331
--
Ihor Radchenko // yantar92,
Ihor Radchenko writes:
> I just released Org mode 9.7.5 that fixes a critical vulnerability.
> The release is coordinated with emergency Emacs 29.4 release.
Thank you a lot for your diligent and careful work on this!
--
Bastien Guerry
Greg Troxel writes:
> (Thanks for fixing and your efforts on org. I've been an org user since
> at least July of 2010.)
>
> Just to be clear, is this the commit that needs applying to emacs
> sources, 29.3, 28.x, and so on?
Yes, that's the correct commit.
> It seems so, but I would rather not
(Thanks for fixing and your efforts on org. I've been an org user since
at least July of 2010.)
Just to be clear, is this the commit that needs applying to emacs
sources, 29.3, 28.x, and so on? It seems so, but I would rather not
guess. I'm asking on behalf of pkgsrc, where I am managing the re
emacs-orgm...@city17.xyz writes:
> Will a CVE be released?
Should be, I think.
If nobody reports it independently by tomorrow, I will look into how to
request a CVE number myself.
> ... I am interested if there are mitigating factors
> such as using `emacs -nw` (without GUI), thus no possible pr
Ihor Radchenko writes:
I just released Org mode 9.7.5 that fixes a critical vulnerability.
The release is coordinated with emergency Emacs 29.4 release.
Thanks for the release and the anouncement.
Will a CVE be released? I am interested if there are mitigating factors
such as using `emacs
Ihor Radchenko writes:
> Please upgrade your Org mode *and* Emacs ASAP.
*Org mode or Emacs.
The fix is purely in Org code, so upgrading Emacs is only needed when
you want to use built-in Org mode.
Otherwise, it is enough to upgrade Org mode via ELPA (the tarball will
be available soon, after E
Dear all,
I just released Org mode 9.7.5 that fixes a critical vulnerability.
The release is coordinated with emergency Emacs 29.4 release.
Please upgrade your Org mode *and* Emacs ASAP.
The vulnerability involves arbitrary Shell code evaluation when
previewing attachments in Emacs MUA (gnus-bas
12 matches
Mail list logo
