Post Syndicated from corbet original https://lwn.net/Articles/979491/

Version
29.4 of the Emacs editor has been released. This is “an emergency
bugfix release” fixing a vulnerability that can cause
the editor to execute arbitrary shell code in Org mode. Anybody who runs Emacs on
untrusted files — including those using Gnus or one of the Emacs mail modes
— should be looking to update. For those who cannot update, a pair of
messages from Russ
Allbery and Florian Weimer
investigates how to disable the Org-mode evaluation, a task that is
seemingly more complicated than it should be.