A remote execution exploit via enriched text has been blocked
This upstream patch has been incorporated to fix the problem:
Remove unsafe enriched mode translations
* lisp/gnus/mm-view.el (mm-inline-text):
Do not worry about enriched or richtext type.
* lisp/textmodes/enriched.el (enriched-translations):
Remove translations for FUNCTION, display (Bug#28350).
(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
Origin: backport, commit:
9ad0fcc54442a9a01d41be19880250783426db70)
Bug: https://bugs.gnu.org/28350
Bug-Debian: http://bugs.debian.org/875447
Forwarded: not-needed
projects / emacs.git / commit