This is an emergency release to fix a security vulnerability in Emacs.
Enriched Text mode has its support for decoding 'x-display' disabled.
This feature allows saving 'display' properties as part of text.
Emacs 'display' properties support evaluation of arbitrary Lisp forms
as part of instantiating the property, so decoding 'x-display' is
vulnerable to executing arbitrary malicious Lisp code included in the
text (e.g., sent as part of an email message).
This vulnerability was introduced in Emacs 19.29. To work around that
in Emacs versions before 25.3, append the following to your ~/.emacs
init file:
(eval-after-load "enriched"
'(defun enriched-decode-display-prop (start end &optional param)
(list start end)))
Gnus no longer supports "richtext" and "enriched" inline MIME objects.
This support was disabled to avoid evaluation of arbitrary Lisp code
contained in email messages and news articles.
I spend most of my time editing in Emacs. I read and send mail with Emacs using M-x rmail and C-x m. I have no experience with any other email client programs. In principle I would be glad to know about other free email clients, but learning about them is not a priority for me and I don’t have time.