In Emacs before 29.3, Gnus treats inline MIME contents as trusted. References: http://www.openwall.com/lists/oss-security/2024/03/25/2 https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 Upstream patch: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804
Created emacs tracking bugs for this issue: Affects: fedora-all [bug 2280303]