From: Ihor Radchenko
To: emacs-orgmode@gnu.org, Bastien
Subject: [ANN] Emergency bugfix release: Org mode 9.6.23
Date: Sun, 24 Mar 2024 17:16:50 +0000
Message-ID: <871q7zbldp.fsf@localhost>

Dear all,

I just released Org mode 9.6.23 that fixes several critical vulnerabilities.
The release is coordinated with the emergency Emacs 29.3 release
(https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html).

Please upgrade your Org mode *and* Emacs ASAP.

The vulnerabilities involve arbitrary Elisp and LaTeX evaluation when
previewing attachments in Emacs or when opening third-party Org files.

The arbitrary Elisp evaluation is fixed by this release.

The fix for LaTeX evaluation requires Emacs 29.3 and will not work for
the earlier Emacs versions.

If upgrading Emacs is not viable, as a workaround, you can set
`org-preview-latex-default-process' to 'verbatim - this will disable
LaTeX previews and avoid the vulnerability.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at
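
Added example, not part of the original announcement and not code from the Org project: an init-file snippet that applies the workaround described above only when the running Emacs is older than 29.3, and warns when Org is older than 9.6.23. The helper name `my/org-9.6.23-check` is hypothetical, and the snippet assumes the reported version strings reflect whether the fixes are present.

```elisp
;; Added example for an Emacs init file (not from the Org project).
;; Thresholds come from the announcement: Org 9.6.23 and Emacs 29.3.
;; Assumption: version strings reflect the fixes. A build with
;; backported patches may report an older number, so treat the
;; warnings as a prompt to check, not as proof of exposure.

(defun my/org-9.6.23-check ()           ; hypothetical helper name
  "Warn about an old Org and apply the LaTeX preview workaround.
Return a plist describing what was found."
  (let* ((org-ver   (org-version))
         (org-ok    (not (version< org-ver "9.6.23")))
         (emacs-ok  (not (version< emacs-version "29.3"))))
    ;; The Elisp evaluation issue is fixed in Org itself.
    (unless org-ok
      (display-warning
       'org
       (format "Org %s is older than 9.6.23; upgrade Org mode." org-ver)
       :warning))
    ;; The LaTeX evaluation fix needs Emacs 29.3. On older Emacs,
    ;; fall back to the workaround from the announcement, which
    ;; disables LaTeX previews.
    (unless emacs-ok
      (setq org-preview-latex-default-process 'verbatim)
      (display-warning
       'org
       (format "Emacs %s is older than 29.3; LaTeX previews disabled."
               emacs-version)
       :warning))
    (list :org-version org-ver
          :org-ok org-ok
          :emacs-ok emacs-ok
          :latex-preview org-preview-latex-default-process)))

;; Run once Org is loaded, so `org-version' reports the Org that is
;; actually in use (built-in or installed from a package archive).
(with-eval-after-load 'org
  (my/org-9.6.23-check))
```

Remove the snippet after upgrading both Emacs and Org, since it leaves LaTeX previews disabled only on the older Emacs it detects.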