Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
patchinfo.7607
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7607
<patchinfo incident="7607"> <issue tracker="bnc" id="1094781">VUL-0: enigmail: replies to a partially encrypted message may reveal protected information</issue> <issue id="1096745" tracker="bnc"> </issue> <issue id="1097525" tracker="bnc">VUL-0: CVE-2018-12019: enigmail: signature spoofing vulnerability</issue> <issue id="2018-12019" tracker="cve" /> <issue id="2018-12020" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>AndreasStieger</packager> <description>This update for enigmail to 2.0.7 fixes the following issues: These security issues were fixed: - CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email signatures could be spoofed via an embedded "--filename" parameter in OpenPGP literal data packets. This update prevents this issue from being exploited if GnuPG was not updated (boo#1096745) - CVE-2018-12019: The signature verification routine interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (boo#1097525) - Disallow plaintext (literal packets) outside of encrpyted packets - Replies to a partially encrypted message may have revealed protected information - no longer display PGP/MIME message part followed by unencrypted data (bsc#1094781) - Fix signature Spoofing via Inline-PGP in HTML Mails These non-security issues were fixed: - Fix filter actions forgetting selected mail folder names - Fix compatibility issue with Thunderbird 60b7 </description> <summary>Security update for enigmail</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor