Release of GNU Emacs 29.3 text editor with vulnerabilities fixed

The GNU Project has published the release of the GNU Emacs 29.3 text editor. Until the release of GNU Emacs 24.5, the project was developed under the personal leadership of Richard Stallman, who handed over the post of project leader to John Wiegley in the fall of 2015. The project code is written in C and Lisp and is distributed under the GPLv3 license.

GNU Emacs 29.3 is described as an unscheduled emergency release that fixes vulnerabilities. According to preliminary information, the vulnerabilities allow code execution when opening certain content or viewing emails with specially crafted attachments in Gnus. The list of changes does not yet detail the vulnerabilities; it describes only the protective measures that were added:

  • To block the injection of external malicious code, arbitrary Lisp code is no longer executed when Org mode is enabled.
  • Added a new buffer-local variable 'untrusted-content' that can be used to flag buffers holding untrusted content, which Lisp programs should treat with extreme caution.
  • In Gnus, the contents of inline MIME blocks are now treated as untrustworthy.
  • By default, previewing the contents of mail attachments in LaTeX format is disabled. The variable 'org--latex-preview-when-risky' was added to restore the old behavior.
  • In Org mode, the contents of remote files, as identified by 'file-remote-p', are treated as untrustworthy.
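
As an added illustration (not code from Emacs or from the release notes), the sketch below shows how a Lisp package could honor 'untrusted-content' and 'file-remote-p' before evaluating buffer contents. The `my/` function names and the sample text are hypothetical and constructed for this example.

```elisp
;;; Added example; the my/ names are hypothetical, not part of Emacs.
(defvar untrusted-content) ; defined by Emacs 29.3+, declared for the byte compiler

(defun my/buffer-untrusted-p (&optional buffer)
  "Return non-nil if BUFFER (default: current buffer) holds untrusted content.
A buffer counts as untrusted when `untrusted-content' is set in it or
when it visits a remote file according to `file-remote-p'."
  (with-current-buffer (or buffer (current-buffer))
    (or (bound-and-true-p untrusted-content)   ; also safe on Emacs < 29.3
        (and buffer-file-name
             (file-remote-p buffer-file-name)
             t))))

(defun my/make-untrusted-buffer (name text)
  "Return a new buffer NAME holding TEXT received from outside, flagged untrusted."
  (with-current-buffer (generate-new-buffer name)
    (setq-local untrusted-content t)           ; flag first, then insert
    (insert text)
    (current-buffer)))

(defun my/eval-buffer-if-trusted ()
  "Evaluate the current buffer as Lisp unless its content is untrusted."
  (interactive)
  (when (my/buffer-untrusted-p)
    (user-error "Not evaluating %s: content is untrusted" (buffer-name)))
  (eval-buffer))

;; Constructed sample: text as it might arrive in an inline mail part.
(let ((buf (my/make-untrusted-buffer "*sample-part*" "(message \"hello\")")))
  (unwind-protect
      (with-current-buffer buf
        (condition-case err
            (my/eval-buffer-if-trusted)
          ;; The guard fires; the form in the buffer is never evaluated.
          (user-error (message "%s" (error-message-string err)))))
    (kill-buffer buf)))
```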

Source: opennet.ru
