Dear all,
I just released Org mode 9.7.5, which fixes a critical vulnerability. The release is coordinated with the emergency Emacs 29.4 release.
Please upgrade your Org mode.
The vulnerability involves arbitrary shell code evaluation when previewing attachments in Emacs MUAs (gnus-based: at least mu4e, Notmuch, and Gnus itself) or when opening third-party Org files. All earlier versions of Org mode are affected.
Note that the vulnerability fixed in this release has nothing to do with the recent Org 9.6.23 release ([ANN] Emergency bugfix release: Org mode 9.6.23 - Ihor Radchenko). It has existed for a long time and was discovered by accident.