Make Gnus treats inline MIME contents as untrusted
Resolves: RHEL-36241
This commit is contained in:
Jacek Migacz
parent
f2d8a46ab3
commit
888ba3821c
25
emacs-mark-contents-untrusted.patch
Normal file
25
emacs-mark-contents-untrusted.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 937b9042ad7426acdcca33e3d931d8f495bdd804 Mon Sep 17 00:00:00 2001
|
||||
From: Ihor Radchenko <yantar92@posteo.net>
|
||||
Date: Tue, 20 Feb 2024 12:44:30 +0300
|
||||
Subject: * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents
|
||||
untrusted.
|
||||
|
||||
---
|
||||
lisp/gnus/mm-view.el | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
|
||||
index 2e1261c..5f234e5 100644
|
||||
--- a/lisp/gnus/mm-view.el
|
||||
+++ b/lisp/gnus/mm-view.el
|
||||
@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically."
|
||||
(setq coding-system (mm-find-buffer-file-coding-system)))
|
||||
(setq text (buffer-string))))
|
||||
(with-temp-buffer
|
||||
+ (setq untrusted-content t)
|
||||
(buffer-disable-undo)
|
||||
(mm-enable-multibyte)
|
||||
(insert (cond ((eq charset 'gnus-decoded)
|
||||
--
|
||||
cgit v1.1
|
||||
|
||||
@ -31,6 +31,7 @@ Patch6: emacs-htmlfontify-command-injection-vulnerability.patch
|
||||
Patch7: emacs-ob-latex-command-injection-vulnerability.patch
|
||||
Patch8: emacs-consider-org-file-contents-unsafe.patch
|
||||
Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch
|
||||
Patch10: emacs-mark-contents-untrusted.patch
|
||||
|
||||
BuildRequires: atk-devel
|
||||
BuildRequires: cairo-devel
|
||||
@ -192,6 +193,7 @@ packages that add functionality to Emacs.
|
||||
%patch7 -p1 -b .ob-latex-command-injection-vulnerability
|
||||
%patch8 -p1 -b .consider-org-file-contents-unsafe
|
||||
%patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
|
||||
%patch10 -p1 -b .mark-contents-untrusted
|
||||
autoconf
|
||||
|
||||
# We prefer our emacs.desktop file
|
||||
@ -481,6 +483,7 @@ fi
|
||||
* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12
|
||||
- org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
|
||||
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
|
||||
- Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203)
|
||||
|
||||
* Wed Apr 12 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-11
|
||||
- Bump version
|
||||
|
||||
Loading…
Reference in New Issue
Block a user