From b3fd6831dc38c1e1fedc4c9fbf344662384fa10a Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 12 Sep 2017 09:24:43 -0700 Subject: Merge Emacs 25.3 fixes The security patches released for Emacs 25.3 were less drastic than what we had immediately put into master. Adjust master to match 25.3 (Bug#28350). * lisp/textmodes/enriched.el (enriched-translations): Re-enable FUNCTION and display translations that are safe. (enriched-handle-display-prop): Bring back. (enriched-decode-display-prop): Bring back, but disable the unsafe part. --- ChangeLog.2 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'ChangeLog.2') diff --git a/ChangeLog.2 b/ChangeLog.2 index bf52ac0ef1d..bd1800b3307 100644 --- a/ChangeLog.2 +++ b/ChangeLog.2 @@ -1,3 +1,17 @@ +2017-09-11 Eli Zaretskii + + * etc/NEWS: Document the vulnerability and its resolution. + Include a workaround. Suggested by Charles A. Roelli + . + + * lisp/gnus/mm-view.el (mm-inline-text): Disable decoding of + "enriched" and "richtext" MIME objects. Suggested by Lars + Ingebrigtsen . + + * lisp/textmodes/enriched.el (enriched-decode-display-prop): + Don't produce 'display' properties. (Bug#28350) + + 2017-04-20 Nicolas Petton * Version 25.2 released. -- cgit v1.2.1